Headline
Ubuntu Security Notice USN-6487-1
Ubuntu Security Notice 6487-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6487-1
November 20, 2023
avahi vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Avahi could be made to crash if it received specially crafted
input.
Software Description:
- avahi: IPv4LL network address configuration daemon
Details:
Evgeny Vereshchagin discovered that Avahi contained several reachable
assertions, which could lead to intentional assertion failures when
specially crafted user input was given. An attacker could possibly use
this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470,
CVE-2023-38471, CVE-2023-38472, CVE-2023-38473)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
avahi-daemon 0.8-10ubuntu1.1
libavahi-client3 0.8-10ubuntu1.1
libavahi-common3 0.8-10ubuntu1.1
libavahi-core7 0.8-10ubuntu1.1
Ubuntu 23.04:
avahi-daemon 0.8-6ubuntu1.23.04.2
libavahi-client3 0.8-6ubuntu1.23.04.2
libavahi-common3 0.8-6ubuntu1.23.04.2
libavahi-core7 0.8-6ubuntu1.23.04.2
Ubuntu 22.04 LTS:
avahi-daemon 0.8-5ubuntu5.2
libavahi-client3 0.8-5ubuntu5.2
libavahi-common3 0.8-5ubuntu5.2
libavahi-core7 0.8-5ubuntu5.2
Ubuntu 20.04 LTS:
avahi-daemon 0.7-4ubuntu7.3
libavahi-client3 0.7-4ubuntu7.3
libavahi-common3 0.7-4ubuntu7.3
libavahi-core7 0.7-4ubuntu7.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.7-3.1ubuntu1.3+esm2
libavahi-client3 0.7-3.1ubuntu1.3+esm2
libavahi-common3 0.7-3.1ubuntu1.3+esm2
libavahi-core7 0.7-3.1ubuntu1.3+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm3
libavahi-client3 0.6.32~rc+dfsg-1ubuntu2.3+esm3
libavahi-common3 0.6.32~rc+dfsg-1ubuntu2.3+esm3
libavahi-core7 0.6.32~rc+dfsg-1ubuntu2.3+esm3
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.6.31-4ubuntu1.3+esm3
libavahi-client3 0.6.31-4ubuntu1.3+esm3
libavahi-common3 0.6.31-4ubuntu1.3+esm3
libavahi-core7 0.6.31-4ubuntu1.3+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6487-1
CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472,
CVE-2023-38473
Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.8-10ubuntu1.1
https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.23.04.2
https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.2
https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu7.3
Related news
Red Hat Security Advisory 2024-2433-03 - An update for avahi is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2023-7836-03 - An update for avahi is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.