USN-6129-2: Avahi vulnerability
25 July 2023
Avahi could be made to crash if it received specially crafted DBus traffic.
Releases
Packages
- avahi - IPv4LL network address configuration daemon
Details
USN-6129-1 fixed a vulnerability in Avahi. This update provides the
corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04
LTS.
Original advisory details:
It was discovered that Avahi incorrectly handled certain DBus messages. A
local attacker could possibly use this issue to cause Avahi to crash,
resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
avahi-daemon
-
0.7-3.1ubuntu1.3+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
avahi-daemon
-
0.6.32~rc+dfsg-1ubuntu2.3+esm2
Available with Ubuntu Pro
Ubuntu 14.04
-
avahi-daemon
-
0.6.31-4ubuntu1.3+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6129-1: libavahi-core7, libavahi-client3, libavahi-client-dev, python3-avahi, libavahi-glib-dev, avahi-daemon, libavahi-compat-libdnssd1, avahi-autoipd, avahi, libavahi-gobject-dev, libavahi-ui-gtk3-dev, avahi-ui-utils, libavahi-ui-gtk3-0, avahi-dnsconfd, libavahi-common3, libavahi-compat-libdnssd-dev, gir1.2-avahi-0.6, avahi-utils, libavahi-common-dev, avahi-discover, libavahi-common-data, libavahi-core-dev, libavahi-glib1, libavahi-gobject0, python-avahi