Univention Bugzilla – Bug 56199
avahi: Multiple issues (5.0)
Last modified: 2023-06-28 13:52:11 CEST
New Debian avahi 0.7-4+deb10u3 fixes: This update addresses the following issue: 0.7-4+deb10u3 (Wed, 21 Jun 2023 19:29:18 +0000) * Non-maintainer upload by the Debian LTS security team. * CVE-2021-3468: the event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop.
--- mirror/ftp/pool/main/a/avahi/avahi_0.7-4+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/avahi_0.7-4+deb10u3.dsc @@ -1,3 +1,12 @@ +0.7-4+deb10u3 [Wed, 21 Jun 2023 19:29:18 +0000] Bastien Roucariès <rouca@debian.org>: + + * Non-maintainer upload by the Debian LTS security team. + * CVE-2021-3468: the event used to signal the termination + of the client connection on the avahi Unix socket is not + correctly handled in the client_work function, allowing a + local attacker to trigger an infinite loop. + (Closes: #984938) + 0.7-4+deb10u2 [Tue, 02 May 2023 10:57:53 -0700] Chris Lamb <lamby@debian.org>: * Non-maintainer upload by the Debian LTS security team. <http://piuparts.knut.univention.de/5.0-4/#8138583129726941761>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-4] e7e8aa2c3c Bug #56199: avahi 0.7-4+deb10u3 doc/errata/staging/avahi.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) [5.0-4] 8f7e7882de Bug #56199: avahi 0.7-4+deb10u3 doc/errata/staging/avahi.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x717>