Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6129-2

Ubuntu Security Notice 6129-2 - USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

Packet Storm
Open in Source
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-6129-2
July 25, 2023

avahi vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Avahi could be made to crash if it received specially crafted DBus traffic.

Software Description:

  • avahi: IPv4LL network address configuration daemon

Details:

USN-6129-1 fixed a vulnerability in Avahi. This update provides the
corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04
LTS.

Original advisory details:

It was discovered that Avahi incorrectly handled certain DBus messages. A
local attacker could possibly use this issue to cause Avahi to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.7-3.1ubuntu1.3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.6.31-4ubuntu1.3+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6129-2
https://ubuntu.com/security/notices/USN-6129-1
CVE-2023-1981

Related news

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Red Hat Security Advisory 2023-7190-01

Red Hat Security Advisory 2023-7190-01 - An update for avahi is now available for Red Hat Enterprise Linux 8.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Ubuntu Security Notice USN-6129-1

Ubuntu Security Notice 6129-1 - It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

CVE-2023-1981: Invalid Bug ID

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

Packet Storm: Latest News

Zeek 6.0.9
Packet Storm