Opened 4 months ago

Closed 4 months ago

#14866 closed enhancement (fixed)

Fix CVE-2021-3468 in Avahi

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: elevated Milestone: 10.2
Component: BOOK Version: SVN
Severity: normal Keywords:


Arch has the following vulnerability noted in Avahi:

A security issue was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function. Denial of service can be triggered by writing long lines to /run/avahi-daemon/socket resulting in an unresponsive busy-loop of the daemon.

Unfortunately, this can be exploited via network-based printers.

Change History (2)

comment:1 by Douglas R. Reno, 4 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

I found a way to do these all via seds. They will be in my next commit.

comment:2 by Douglas R. Reno, 4 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24440

Note: See TracTickets for help on using tickets.