UbuntuUpdates.org

Package "libavahi-client3"

Name: libavahi-client3

Description:

Avahi client library
Latest version: 0.8-13ubuntu6.2
Release: noble (24.04)
Level: security
Repository: main
Head package: avahi
Homepage: https://avahi.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libavahi-client3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libavahi-client3" in Noble

Repository Area Version
base main 0.8-13ubuntu6
updates main 0.8-13ubuntu6.2

Changelog

Version: 0.8-13ubuntu6.2 2026-05-12 10:08:05 UTC

  avahi (0.8-13ubuntu6.2) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2026-24401.patch: core: fix uncontrolled
      recursion bug using a simple loop detection algorithm
    - CVE-2026-24401
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2026-34933-1.patch: core: refuse to accept
      publish flags where both wide_area and multicast are set
    - debian/patches/CVE-2026-34933-2.patch: tests: make sure
      AVAHI_PUBLISH_USE_WIDE_AREA is refused
    - CVE-2026-34933

 -- Allen Huang <email address hidden> Tue, 05 May 2026 15:32:41 +0100
Source diff to previous version
CVE-2026-24401 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daem
CVE-2026-34933 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileg

Version: 0.8-13ubuntu6.1 2026-01-19 16:26:02 UTC

  avahi (0.8-13ubuntu6.1) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service when creating a record browser.
    - debian/patches/CVE-2025-68276.patch: Add AVAHI_LOOKUP_USE_WIDE_AREA and
      wide area use check in avahi-core/browse.c.
    - CVE-2025-68276
  * SECURITY UPDATE: Denial of service after CNAME expiration.
    - debian/patches/CVE-2025-68468.patch: Remove assert in
      avahi-core/browse.c.
    - CVE-2025-68468
  * SECURITY UPDATE: Denial of service on receiving CNAME resource records.
    - debian/patches/CVE-2025-68471.patch: Change assert to return on
      wide_area check in avahi-core/browse.c.
    - CVE-2025-68471

 -- Hlib Korzhynskyy <email address hidden> Thu, 15 Jan 2026 12:42:01 -0330
CVE-2025-68276 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged
CVE-2025-68468 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can
CVE-2025-68471 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can


About   -   Send Feedback to @ubuntu_updates