#14866 closed enhancement (fixed)
Fix CVE-2021-3468 in Avahi
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | elevated | Milestone: | 11.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
Arch has the following vulnerability noted in Avahi:
A security issue was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function. Denial of service can be triggered by writing long lines to /run/avahi-daemon/socket resulting in an unresponsive busy-loop of the daemon.
Unfortunately, this can be exploited via network-based printers.
Note:
See TracTickets
for help on using tickets.
I found a way to do these all via seds. They will be in my next commit.