Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6129-1

Ubuntu Security Notice 6129-1 - It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-6129-1
June 01, 2023

avahi vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.04
  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

Avahi could be made to crash if it received specially crafted DBus traffic.

Software Description:

  • avahi: IPv4LL network address configuration daemon

Details:

It was discovered that Avahi incorrectly handled certain DBus messages. A
local attacker could possibly use this issue to cause Avahi to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
avahi-daemon 0.8-6ubuntu1.23.04.1

Ubuntu 22.10:
avahi-daemon 0.8-6ubuntu1.22.10.1

Ubuntu 22.04 LTS:
avahi-daemon 0.8-5ubuntu5.1

Ubuntu 20.04 LTS:
avahi-daemon 0.7-4ubuntu7.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6129-1
CVE-2023-1981

Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.23.04.1
https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.22.10.1
https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.1
https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu7.2

Related news

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Red Hat Security Advisory 2023-7190-01

Red Hat Security Advisory 2023-7190-01 - An update for avahi is now available for Red Hat Enterprise Linux 8.

Ubuntu Security Notice USN-6129-2

Ubuntu Security Notice 6129-2 - USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVE-2023-1981: Invalid Bug ID

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution