UbuntuUpdates.org

Package "avahi"

Name: avahi

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Service discover user interface for avahi
  • Avahi DNS configuration tool
  • Avahi GTK+ utilities
  • Python utility package for Avahi

Latest version: 0.8-5ubuntu5.3
Release: jammy (22.04)
Level: updates
Repository: universe

Other versions of "avahi" in Jammy

Repository  Area      Version
base        main      0.8-5ubuntu5
base        universe  0.8-5ubuntu5
security    main      0.8-5ubuntu5.2
security    universe  0.8-5ubuntu5.2
updates     main      0.8-5ubuntu5.3
proposed    main      0.8-5ubuntu5.3
proposed    universe  0.8-5ubuntu5.3

Changelog

Version: 0.8-5ubuntu5.3 2025-11-25 19:07:31 UTC

  avahi (0.8-5ubuntu5.3) jammy; urgency=medium

  * Do not disable timeout cleanup on watch cleanup. This was causing timeouts
    to never be removed from the linked list that tracks them, resulting in both
    memory and CPU usage to grow larger over time. (LP: #1799265)
    - d/p/lp1799265-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch

 -- Trent Lloyd <email address hidden> Mon, 20 Oct 2025 07:57:45 +0000

1799265 avahi-daemon high cpu, unusable networking

Version: 0.8-5ubuntu5.2 2023-11-20 18:07:54 UTC

  avahi (0.8-5ubuntu5.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Reachable assertions exist in server functions of
    avahi-core
    - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
      resource records
    - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
      resource records
    - CVE-2023-38469

  * SECURITY UPDATE: Reachable assertions exist in domain functions in
    avahi-common
    - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
      one byte long
    - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
      can't fit into ret
    - CVE-2023-38470

  * SECURITY UPDATE: Reachable assertions exist in server functions in
    avahi-core
    - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
      avahi_unescape_label()
    - debian/patches/CVE-2023-38471-2.patch: core: return errors from
      avahi_server_set_host_name properly
    - CVE-2023-38471

  * SECURITY UPDATE: Reachable assertions exist in dbus functions in
    avahi-daemon
    - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
      to process before parsing it
    - CVE-2023-38472

  * SECURITY UPDATE: Reachable assertions exist in alternative functions
    in avahi-common
    - debian/patches/CVE-2023-38473.patch: common: derive alternative host
      name from its unescaped version
    - CVE-2023-38473

 -- Nick Galanis <email address hidden> Thu, 16 Nov 2023 16:37:03 +0000

CVE-2023-38469 A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471 A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

Version: 0.8-5ubuntu5.1 2023-06-01 18:07:02 UTC

  avahi (0.8-5ubuntu5.1) jammy-security; urgency=medium

  * SECURITY UPDATE: avahi-daemon can be crashed via DBus
    - debian/patches/CVE-2023-1981.patch: emit error if requested service
      is not found in avahi-daemon/dbus-protocol.c.
    - CVE-2023-1981

 -- Marc Deslauriers <email address hidden> Wed, 31 May 2023 09:57:11 -0400

CVE-2023-1981 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.


