Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#14866 closed enhancement (fixed)

Fix CVE-2021-3468 in Avahi

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Arch has the following vulnerability noted in Avahi:

A security issue was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function. Denial of service can be triggered by writing long lines to /run/avahi-daemon/socket resulting in an unresponsive busy-loop of the daemon.

Unfortunately, this can be exploited via network-based printers.

Change History (3)

comment:1 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

I found a way to do these all via seds. They will be in my next commit.

comment:2 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r24440

comment:3 by Bruce Dubbs, 3 years ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.