SUSE SLES12: avahi / avahi-compat-howl-devel / avahi-compat-mDNSResponder-devel / etc (SUSE-SU-2026:0422-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0422-1 advisory. - CVE-2025-68276: avahi: reachable assertion in avahiwideareascancache can lead to crash of avahi- daemon bsc1256498. - CVE-2025-68468: avahi:...

MGASA-2026-0016 Updated avahi packages fix security vulnerabilities

Avahi has a reachable assertion in avahiwideareascancache. CVE-2025-68276 Avahi has a reachable assertion in lookupmulticastcallback. CVE-2025-68468 Avahi has a reachable assertion in lookupstart. CVE-2025-68471...

SUSE-SU-2026:0143-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2025-68276: avahi: reachable assertion in avahiwideareascancache can lead to crash of avahi-daemon bsc1256498. - CVE-2025-68468: avahi: reachable assertion in lookupmulticastcallback can lead to crash of avahi-daemon bsc1256499. -...

Avahi has a reachable assertion in lookup_multicast_callback

...

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the lookupmulticastcallback function. An attacker can cause a crash by sending unsolicited announcements containing CNAME resource records that point to resource records with short TTLs, which, upon expiration,...

CVE-2025-68468 Avahi has a reachable assertion in lookup_multicast_callback

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...