alsa-2023:7836
Vulnerability from osv_almalinux
Published
2023-12-14 00:00
Modified
2023-12-15 09:22
Summary
Moderate: avahi security update
Details
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.
Security Fix(es):
- avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)
- avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469)
- avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470)
- avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471)
- avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472)
- avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-autoipd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-compat-howl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-compat-howl-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-compat-libdns_sd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-compat-libdns_sd-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-glib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-glib-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-gobject"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-gobject-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-ui-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "avahi-ui-gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-avahi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7-21.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.\n\nSecurity Fix(es):\n\n* avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)\n* avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469)\n* avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470)\n* avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471)\n* avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472)\n* avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:7836",
"modified": "2023-12-15T09:22:34Z",
"published": "2023-12-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:7836"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3468"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38469"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38470"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38471"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38472"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38473"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1939614"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2191687"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2191690"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2191691"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2191692"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2191694"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-7836.html"
}
],
"related": [
"CVE-2021-3468",
"CVE-2023-38469",
"CVE-2023-38470",
"CVE-2023-38471",
"CVE-2023-38472",
"CVE-2023-38473"
],
"summary": "Moderate: avahi security update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…