UbuntuUpdates.org

Package "avahi"

Name: avahi

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Service discover user interface for avahi
  • Avahi DNS configuration tool
  • Avahi GTK+ utilities
  • Python utility package for Avahi
Latest version: 0.8-10ubuntu1.1
Release: mantic (23.10)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "avahi" in Mantic

Repository Area Version
base universe 0.8-10ubuntu1
base main 0.8-10ubuntu1
security main 0.8-10ubuntu1.1
security universe 0.8-10ubuntu1.1
updates main 0.8-10ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.8-10ubuntu1.1 2023-11-20 18:08:12 UTC

  avahi (0.8-10ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Reachable assertions exist in server functions of
    avahi-core
    - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
      resource records
    - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
      resource records
    - CVE-2023-38469

  * SECURITY UPDATE: Reachable assertions exist in domain functions in
    avahi-common
    - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
      one byte long
    - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
      can't fit into ret
    - CVE-2023-38470

  * SECURITY UPDATE: Reachable assertions exist in server functions in
    avahi-core
    - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
      avahi_unescape_label()
    - debian/patches/CVE-2023-38471-2.patch: core: return errors from
      avahi_server_set_host_name properly
    - CVE-2023-38471

  * SECURITY UPDATE: Reachable assertions exist in dbus functions in
    avahi-daemon
    - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
      to process before parsing it
    - CVE-2023-38472

  * SECURITY UPDATE: Reachable assertions exist in alternative functions
    in avahi-common
    - debian/patches/CVE-2023-38473.patch: common: derive alternative host
      name from its unescaped version
    - CVE-2023-38473

 -- Nick Galanis <email address hidden> Mon, 20 Nov 2023 14:12:43 +0200
CVE-2023-38469 A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471 A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.


About   -   Send Feedback to @ubuntu_updates