[SECURITY] [DLA 3466-1] avahi security update

2023-06-2122:49:21

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Debian LTS Advisory DLA-3466-1 [email protected]
https://www.debian.org/lts/security/ Bastien RoucariÃ¨s
June 21, 2023 https://wiki.debian.org/LTS

Package : avahi
Version : 0.7-4+deb10u3
CVE ID : CVE-2021-3468
Debian Bug : 984938

Avahi a free zero-configuration networking (zeroconf) implementation,
including a system for multicast DNS/DNS-SD service discovery, was
affected by a Deny of Service. The event used to signal the termination of
the client connection on the avahi Unix socket is not correctly handled
in the client_work function, allowing a local attacker to trigger
an infinite loop.

For Debian 10 buster, this problem has been fixed in version
0.7-4+deb10u3.

We recommend that you upgrade your avahi packages.

For the detailed security status of avahi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/avahi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11arm64avahi-autoipd-dbgsym< 0.8-5+deb11u2avahi-autoipd-dbgsym_0.8-5+deb11u2_arm64.deb
Debian11ppc64ellibavahi-gobject-dev< 0.8-5+deb11u2libavahi-gobject-dev_0.8-5+deb11u2_ppc64el.deb
Debian11amd64gir1.2-avahi-0.6< 0.8-5+deb11u2gir1.2-avahi-0.6_0.8-5+deb11u2_amd64.deb
Debian11mipselavahi-daemon-dbgsym< 0.8-5+deb11u2avahi-daemon-dbgsym_0.8-5+deb11u2_mipsel.deb
Debian11ppc64elavahi-dnsconfd< 0.8-5+deb11u2avahi-dnsconfd_0.8-5+deb11u2_ppc64el.deb
Debian11i386avahi-utils-dbgsym< 0.8-5+deb11u2avahi-utils-dbgsym_0.8-5+deb11u2_i386.deb
Debian11amd64libavahi-core7< 0.8-5+deb11u2libavahi-core7_0.8-5+deb11u2_amd64.deb
Debian9armhfavahi-utils< 0.6.32-2+deb9u1avahi-utils_0.6.32-2+deb9u1_armhf.deb
Debian10amd64avahi-dnsconfd< 0.7-4+deb10u3avahi-dnsconfd_0.7-4+deb10u3_amd64.deb
Debian9armellibavahi-glib1< 0.6.32-2+deb9u1libavahi-glib1_0.6.32-2+deb9u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	arm64	avahi-autoipd-dbgsym	< 0.8-5+deb11u2	avahi-autoipd-dbgsym_0.8-5+deb11u2_arm64.deb
Debian	11	ppc64el	libavahi-gobject-dev	< 0.8-5+deb11u2	libavahi-gobject-dev_0.8-5+deb11u2_ppc64el.deb
Debian	11	amd64	gir1.2-avahi-0.6	< 0.8-5+deb11u2	gir1.2-avahi-0.6_0.8-5+deb11u2_amd64.deb
Debian	11	mipsel	avahi-daemon-dbgsym	< 0.8-5+deb11u2	avahi-daemon-dbgsym_0.8-5+deb11u2_mipsel.deb
Debian	11	ppc64el	avahi-dnsconfd	< 0.8-5+deb11u2	avahi-dnsconfd_0.8-5+deb11u2_ppc64el.deb
Debian	11	i386	avahi-utils-dbgsym	< 0.8-5+deb11u2	avahi-utils-dbgsym_0.8-5+deb11u2_i386.deb
Debian	11	amd64	libavahi-core7	< 0.8-5+deb11u2	libavahi-core7_0.8-5+deb11u2_amd64.deb
Debian	9	armhf	avahi-utils	< 0.6.32-2+deb9u1	avahi-utils_0.6.32-2+deb9u1_armhf.deb
Debian	10	amd64	avahi-dnsconfd	< 0.7-4+deb10u3	avahi-dnsconfd_0.7-4+deb10u3_amd64.deb
Debian	9	armel	libavahi-glib1	< 0.6.32-2+deb9u1	libavahi-glib1_0.6.32-2+deb9u1_armel.deb