21 matches found
CBL Mariner 2.0 Security Update: avahi (CVE-2021-26720)
The version of avahi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-26720 advisory. - avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via...
Debian DLA-3047-1 : avahi - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3047 advisory. - avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cau...
[SECURITY] [DLA 3047-1] avahi security update
Debian LTS Advisory DLA-3047-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 07, 2022 https://wiki.debian.org/LTS Package : avahi Version : 0.6.32-2+deb9u1 CVE ID : CVE-2021-3468 CVE-2021-26720 Debian Bug : 984938 It was discovered that the Debian package o...
openSUSE 15 Security Update : avahi (openSUSE-SU-2021:1845-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1845-1 advisory. - avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows...
openSUSE: Security Advisory for avahi (openSUSE-SU-2021:1845-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for avahi (important)
openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2021:1845-1 Rating: important References: 1180827 1184521 Cross-References: CVE-2021-26720 CVE-2021-3468 CVSS scores: CVE-2021-26720 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26720 SUSE: 7.8...
SUSE: Security Advisory (SUSE-SU-2021:1845-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:0551-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : avahi (SUSE-SU-2021:1845-1)
This update for avahi fixes the following issues : CVE-2021-3468: avoid infinite loop by handling HUP event in clientwork bsc1184521. CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on...
SUSE: Security Advisory (SUSE-SU-2021:0563-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for avahi (openSUSE-SU-2021:0370-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2021:0551-1)
This update for avahi fixes the following issues : CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. Add sudo to requires: used to drop privileges. Note that...
SUSE SLES12 Security Update : avahi (SUSE-SU-2021:0563-1)
This update for avahi fixes the following issues : CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 Add sudo to requires: used to drop privileges. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
SUSE-SU-2021:0563-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 - Add sudo to requires: used to drop privileges...
SUSE-SU-2021:0551-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
CVE-2021-26720 affects the Debian avahi package (up to 0.8-4). The issue arises from avahi-daemon-check-dns.sh being executed with root privileges via /etc/network/if-up.d/avahi-daemon, enabling a local attacker to cause denial of service or create arbitrary empty files through a symlink attack o...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...