Avahi could be made to crash if it received specially crafted
input.
Software Description:
- avahi: IPv4LL network address configuration daemon
Details:
Evgeny Vereshchagin discovered that Avahi contained several reachable
assertions, which could lead to intentional assertion failures when
specially crafted user input was given. An attacker could possibly use
this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470,
CVE-2023-38471, CVE-2023-38472, CVE-2023-38473)
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: avahi-daemon 0.8-10ubuntu1.1 libavahi-client3 0.8-10ubuntu1.1 libavahi-common3 0.8-10ubuntu1.1 libavahi-core7 0.8-10ubuntu1.1 Ubuntu 23.04: avahi-daemon 0.8-6ubuntu1.23.04.2 libavahi-client3 0.8-6ubuntu1.23.04.2 libavahi-common3 0.8-6ubuntu1.23.04.2 libavahi-core7 0.8-6ubuntu1.23.04.2 Ubuntu 22.04 LTS: avahi-daemon 0.8-5ubuntu5.2 libavahi-client3 0.8-5ubuntu5.2 libavahi-common3 0.8-5ubuntu5.2 libavahi-core7 0.8-5ubuntu5.2 Ubuntu 20.04 LTS: avahi-daemon 0.7-4ubuntu7.3 libavahi-client3 0.7-4ubuntu7.3 libavahi-common3 0.7-4ubuntu7.3 libavahi-core7 0.7-4ubuntu7.3 Ubuntu 18.04 LTS (Available with Ubuntu Pro): avahi-daemon 0.7-3.1ubuntu1.3+esm2 libavahi-client3 0.7-3.1ubuntu1.3+esm2 libavahi-common3 0.7-3.1ubuntu1.3+esm2 libavahi-core7 0.7-3.1ubuntu1.3+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-client3 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-common3 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-core7 0.6.32~rc+dfsg-1ubuntu2.3+esm3 Ubuntu 14.04 LTS (Available with Ubuntu Pro): avahi-daemon 0.6.31-4ubuntu1.3+esm3 libavahi-client3 0.6.31-4ubuntu1.3+esm3 libavahi-common3 0.6.31-4ubuntu1.3+esm3 libavahi-core7 0.6.31-4ubuntu1.3+esm3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6487-1
CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472,
CVE-2023-38473
Get the latest Linux and open source security news straight to your inbox.