
Debian: DLA-3047-1 Critical: Avahi Denial of Service Exploit

Debian LTS | June 7, 2022
The Debian LTS advisory DLA-3047-1 fixes vulnerabilities in the avahi package that allowed local attackers to cause a denial of service.
It was discovered that the Debian package of Avahi, a framework for Multicast DNS Service Discovery, executed the script avahi-daemon-check-dns.sh with root privileges which would ...

Summary

Furthermore it was found (CVE-2021-3468) that the event used to signal the
termination of the client connection on the avahi Unix socket is not correctly
handled in the client_work function, allowing a local attacker to trigger an
infinite loop.

For Debian 9 stretch, these problems have been fixed in version
0.6.32-2+deb9u1.

We recommend that you upgrade your avahi packages.

For the detailed security status of avahi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/avahi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical

-------------------------------------------------------------------------
Package: avahi
Version: 0.6.32-2+deb9u1
CVE ID: CVE-2021-3468 CVE-2021-26720
Debian Bug: 984938
