1. Ubuntu Security Notices
  2. USN-7967-1

USN-7967-1: Avahi vulnerabilities

Publication date

19 January 2026

Overview

Several security issues were fixed in Avahi.

Releases

Packages

  • avahi - IPv4LL network address configuration daemon

Details

It was discovered that Avahi incorrectly terminated when processing browser
records with wide-area disabled. An attacker could possibly use this issue
to cause Avahi to crash, resulting in a denial of service. (CVE-2025-68276)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records pointing to resource records with short TTLs. An
attacker could possibly use this issue to cause Avahi to crash, resulting
in a denial of service. (CVE-2025-68468)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records in quick succession. An attacker could possibly
use this issue to cause Avahi to crash, resulting in a denial of service.
(CVE-2025-68471)

It was discovered that Avahi incorrectly terminated when processing browser
records with wide-area disabled. An attacker could possibly use this issue
to cause Avahi to crash, resulting in a denial of service. (CVE-2025-68276)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records pointing to resource records with short TTLs. An
attacker could possibly use this issue to cause Avahi to crash, resulting
in a denial of service. (CVE-2025-68468)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records in quick succession. An attacker could possibly
use this issue to cause Avahi to crash, resulting in a denial of service.
(CVE-2025-68471)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
25.10 questing avahi-daemon –  0.8-16ubuntu3.1
24.04 LTS noble avahi-daemon –  0.8-13ubuntu6.1
22.04 LTS jammy avahi-daemon –  0.8-5ubuntu5.4
20.04 LTS focal avahi-daemon –  0.7-4ubuntu7.3+esm1  
18.04 LTS bionic avahi-daemon –  0.7-3.1ubuntu1.3+esm3  
16.04 LTS xenial avahi-daemon –  0.6.32~rc+dfsg-1ubuntu2.3+esm4  
14.04 LTS trusty avahi-daemon –  0.6.31-4ubuntu1.3+esm4  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›