UbuntuUpdates.org

Package "avahi"

Name: avahi

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Avahi IPv4LL network address configuration daemon
  • Service discover user interface for avahi
  • Avahi DNS configuration tool
  • Avahi GTK+ utilities
Latest version: 0.8-16ubuntu3.2
Release: questing (25.10)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "avahi" in Questing

Repository Area Version
base main 0.8-16ubuntu3
base universe 0.8-16ubuntu3
security main 0.8-16ubuntu3.2
updates main 0.8-16ubuntu3.2
updates universe 0.8-16ubuntu3.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.8-16ubuntu3.2 2026-05-12 10:08:12 UTC

  avahi (0.8-16ubuntu3.2) questing-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2026-24401.patch: core: fix uncontrolled
      recursion bug using a simple loop detection algorithm
    - CVE-2026-24401
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2026-34933-1.patch: core: refuse to accept
      publish flags where both wide_area and multicast are set
    - debian/patches/CVE-2026-34933-2.patch: tests: make sure
      AVAHI_PUBLISH_USE_WIDE_AREA is refused
    - CVE-2026-34933

 -- Allen Huang <email address hidden> Tue, 05 May 2026 13:14:47 +0100
Source diff to previous version
CVE-2026-24401 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daem
CVE-2026-34933 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileg

Version: 0.8-16ubuntu3.1 2026-01-19 16:26:04 UTC

  avahi (0.8-16ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: Denial of service when creating a record browser.
    - debian/patches/CVE-2025-68276.patch: Add AVAHI_LOOKUP_USE_WIDE_AREA and
      wide area use check in avahi-core/browse.c.
    - CVE-2025-68276
  * SECURITY UPDATE: Denial of service after CNAME expiration.
    - debian/patches/CVE-2025-68468.patch: Remove assert in
      avahi-core/browse.c.
    - CVE-2025-68468
  * SECURITY UPDATE: Denial of service on receiving CNAME resource records.
    - debian/patches/CVE-2025-68471.patch: Change assert to return on
      wide_area check in avahi-core/browse.c.
    - CVE-2025-68471

 -- Hlib Korzhynskyy <email address hidden> Thu, 15 Jan 2026 11:54:54 -0330
CVE-2025-68276 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged
CVE-2025-68468 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can
CVE-2025-68471 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can


About   -   Send Feedback to @ubuntu_updates