Advisory ROSA-SA-2026-3311

Component: avahi 0.8 OS: ROSA-CHROME Unaffected versions: = avahi-0.8-12.git35bb1b.11 Affected versions: avahi-0.8-12.git35bb1b.11 CVE-ID: CVE-2026-34933 BDU-ID: None CVE-Crit: Medium CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahialternativehostname function...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahirdataparse function...

USN-8269-1: Avahi vulnerabilities

It is discovered that Avahi incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04...

USN-8269-1 avahi vulnerabilities

It is discovered that Avahi incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04...

SUSE-SU-2026:21631-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546...

CVE-2026-34933 affecting package avahi for versions less than 0.8-8

CVE-2026-34933 affecting package avahi for versions less than 0.8-8. A patched version of the package is available...

CLSA-2026-1778112033 avahi: Fix of CVE-2026-24401

CVE-2026-24401: fix avahi-daemon crash on receipt of unsolicited mDNS responses containing self-referencing CNAME records by detecting CNAME loops in lookuphandlecname to prevent uncontrolled recursion and stack exhaustion; also includes two related DoS fixes in the same lookup path from upstream...

OPENSUSE-SU-2026:10701-1 avahi-0.8-44.1 on GA media

These are all security issues fixed in the avahi-0.8-44.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-38518

These are all security issues fixed in the avahi-0.8-44.1 package on the GA media of openSUSE Tumbleweed...

avahi-0.8-43.1 on GA media (moderate)

avahi-0.8-43.1 on GA media Announcement ID: openSUSE-SU-2026:10670-1 Rating: moderate Cross-References: CVE-2026-34933 CVSS scores: CVE-2026-34933 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

OPENSUSE-SU-2026:10670-1 avahi-0.8-43.1 on GA media

These are all security issues fixed in the avahi-0.8-43.1 package on the GA media of openSUSE Tumbleweed...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in the avahi library. This flaw allows a non-privileged user to make a dbus call, causing the avahi daemon to crash...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion within the dbussethostname function...

Astra Linux - уязвимость в avahi

A flaw was discovered in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not handled correctly in the clientwork function, allowing a local attacker to trigger an infinite loop. The most significant threat from this...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahiescapelabel function...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in Avahi, where there is an accessible assertion in avahidnspacketAppendRecord...

Astra Linux - уязвимость в avahi

In Avahi, including versions 0.6.32 and 0.7, avahi-daemon inadvertently responds to IPv6 unicast queries with source addresses that are not on-link. This allows remote attackers to cause a denial of service traffic amplification and may lead to information leakage by extracting potentially...

Astra Linux - уязвимость в avahi

The avahi-daemon-check-dns.sh script within the Debian avahi package, as of version 0.8-4, is executed as the root user via /etc/network/if-up.d/avahi-daemon. This script allows a local attacker to cause a denial of service or create arbitrary empty files through a symlink attack on files located...

SUSE-SU-2026:21417-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546...