Lucene search

K
amazonAmazonALAS-2023-1790
HistoryAug 03, 2023 - 8:16 p.m.

Medium: avahi

2023-08-0320:16:00
alas.aws.amazon.com
16
avahi
assertion
update
security vulnerability
cve-2023-38469
cve-2023-38470
cve-2023-38471

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

Issue Overview:

A reachable assertion was found in avahi_dns_packet_append_record. (CVE-2023-38469)

A reachable assertion was found in avahi_escape_label. (CVE-2023-38470)

A reachable assertion was found in dbus_set_host_name. (CVE-2023-38471)

Affected Packages:

avahi

Issue Correction:
Run yum update avahi to update your system.

New Packages:

i686:  
    avahi-compat-howl-0.6.25-12.19.amzn1.i686  
    avahi-devel-0.6.25-12.19.amzn1.i686  
    avahi-gobject-devel-0.6.25-12.19.amzn1.i686  
    avahi-dnsconfd-0.6.25-12.19.amzn1.i686  
    avahi-autoipd-0.6.25-12.19.amzn1.i686  
    avahi-gobject-0.6.25-12.19.amzn1.i686  
    avahi-libs-0.6.25-12.19.amzn1.i686  
    avahi-tools-0.6.25-12.19.amzn1.i686  
    avahi-glib-0.6.25-12.19.amzn1.i686  
    avahi-compat-libdns_sd-devel-0.6.25-12.19.amzn1.i686  
    avahi-compat-libdns_sd-0.6.25-12.19.amzn1.i686  
    avahi-glib-devel-0.6.25-12.19.amzn1.i686  
    avahi-compat-howl-devel-0.6.25-12.19.amzn1.i686  
    avahi-0.6.25-12.19.amzn1.i686  
    avahi-debuginfo-0.6.25-12.19.amzn1.i686  
  
src:  
    avahi-0.6.25-12.19.amzn1.src  
  
x86_64:  
    avahi-glib-0.6.25-12.19.amzn1.x86_64  
    avahi-tools-0.6.25-12.19.amzn1.x86_64  
    avahi-gobject-0.6.25-12.19.amzn1.x86_64  
    avahi-0.6.25-12.19.amzn1.x86_64  
    avahi-compat-libdns_sd-0.6.25-12.19.amzn1.x86_64  
    avahi-autoipd-0.6.25-12.19.amzn1.x86_64  
    avahi-debuginfo-0.6.25-12.19.amzn1.x86_64  
    avahi-libs-0.6.25-12.19.amzn1.x86_64  
    avahi-devel-0.6.25-12.19.amzn1.x86_64  
    avahi-compat-howl-0.6.25-12.19.amzn1.x86_64  
    avahi-compat-howl-devel-0.6.25-12.19.amzn1.x86_64  
    avahi-gobject-devel-0.6.25-12.19.amzn1.x86_64  
    avahi-dnsconfd-0.6.25-12.19.amzn1.x86_64  
    avahi-glib-devel-0.6.25-12.19.amzn1.x86_64  
    avahi-compat-libdns_sd-devel-0.6.25-12.19.amzn1.x86_64  

Additional References

Red Hat: CVE-2023-38469, CVE-2023-38470, CVE-2023-38471

Mitre: CVE-2023-38469, CVE-2023-38470, CVE-2023-38471

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%