Context Navigation

← Previous Ticket
Next Ticket →

#14866 closed enhancement (fixed)

Fix CVE-2021-3468 in Avahi

Reported by:	Douglas R. Reno	Owned by:	Douglas R. Reno
Priority:	elevated	Milestone:	11.0
Component:	BOOK	Version:	SVN
Severity:	normal	Keywords:
Cc:

Description

Arch has the following vulnerability noted in Avahi:

A security issue was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function. Denial of service can be triggered by writing long lines to /run/avahi-daemon/socket resulting in an unresponsive busy-loop of the daemon.

Unfortunately, this can be exploited via network-based printers.

Change History (3)

comment:1 by Douglas R. Reno, 3 years ago

Owner:	changed from blfs-book to Douglas R. Reno
Status:	new → assigned

I found a way to do these all via seds. They will be in my next commit.

comment:2 by Douglas R. Reno, 3 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed at r24440

comment:3 by Bruce Dubbs, 3 years ago

Milestone:	10.2 → 11.0

Milestone renamed

Note: See TracTickets for help on using tickets.

Download in other formats: