drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Avahi
| Name: |
Mehrere Probleme in Avahi |
|
| ID: |
USN-6487-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro), Ubuntu 23.10 |
|
| Datum: |
Mo, 20. November 2023, 20:39 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38472 |
|
| Applikationen: |
Avahi |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8297261144583223663==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------GxQ0isGMn9DJoaGxXU1JzbMS"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------GxQ0isGMn9DJoaGxXU1JzbMS
Content-Type: multipart/mixed;
boundary="------------Xqm80eifu91n0AxHdE7MknFH";
protected-headers="v1"
From: Nick Galanis <nick.galanis@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <91fd8cb6-b025-4e7b-a593-731b859902b1@canonical.com>
Subject: [USN-6487-1] Avahi vulnerabilities
--------------Xqm80eifu91n0AxHdE7MknFH
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-6487-1
November 20, 2023
avahi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Avahi could be made to crash if it received specially crafted
input.
Software Description:
- avahi: IPv4LL network address configuration daemon
Details:
Evgeny Vereshchagin discovered that Avahi contained several reachable
assertions, which could lead to intentional assertion failures when
specially crafted user input was given. An attacker could possibly use
this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470,
CVE-2023-38471, CVE-2023-38472, CVE-2023-38473)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
avahi-daemon 0.8-10ubuntu1.1
libavahi-client3 0.8-10ubuntu1.1
libavahi-common3 0.8-10ubuntu1.1
libavahi-core7 0.8-10ubuntu1.1
Ubuntu 23.04:
avahi-daemon 0.8-6ubuntu1.23.04.2
libavahi-client3 0.8-6ubuntu1.23.04.2
libavahi-common3 0.8-6ubuntu1.23.04.2
libavahi-core7 0.8-6ubuntu1.23.04.2
Ubuntu 22.04 LTS:
avahi-daemon 0.8-5ubuntu5.2
libavahi-client3 0.8-5ubuntu5.2
libavahi-common3 0.8-5ubuntu5.2
libavahi-core7 0.8-5ubuntu5.2
Ubuntu 20.04 LTS:
avahi-daemon 0.7-4ubuntu7.3
libavahi-client3 0.7-4ubuntu7.3
libavahi-common3 0.7-4ubuntu7.3
libavahi-core7 0.7-4ubuntu7.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.7-3.1ubuntu1.3+esm2
libavahi-client3 0.7-3.1ubuntu1.3+esm2
libavahi-common3 0.7-3.1ubuntu1.3+esm2
libavahi-core7 0.7-3.1ubuntu1.3+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm3
libavahi-client3 0.6.32~rc+dfsg-1ubuntu2.3+esm3
libavahi-common3 0.6.32~rc+dfsg-1ubuntu2.3+esm3
libavahi-core7 0.6.32~rc+dfsg-1ubuntu2.3+esm3
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
avahi-daemon 0.6.31-4ubuntu1.3+esm3
libavahi-client3 0.6.31-4ubuntu1.3+esm3
libavahi-common3 0.6.31-4ubuntu1.3+esm3
libavahi-core7 0.6.31-4ubuntu1.3+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6487-1
CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472,
CVE-2023-38473
Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.8-10ubuntu1.1
https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.23.04.2
https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.2
https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu7.3
--------------Xqm80eifu91n0AxHdE7MknFH--
--------------GxQ0isGMn9DJoaGxXU1JzbMS
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEE5rkwSLC9ntq84w397Dtram9gyMMFAmVbkZMFAwAAAAAACgkQ7Dtram9gyMM9
EwgAgWhkfc9vo4jFvcKExtLfhZe1EyBY7nb1TSHJJCUeaZxyPD1JRbWG+Ul2LXwPW+Aa+Cv6x5QN
jDWWkEb+KUilKctDHwEsB34GMa6i8yW0dFw1AxJ5+p/NyjlV3PN5nXMnWgtQ2HRNVEIBgxTJ7YI8
+0x5W1FIbM6wedzx23lnIDZYWdeanrHhVOEhfK+9jfMe5lVEAa9WrW5eCcu/nGmR4MOKV2xctgNK
JRE/hkbwQPkAbE40ZmSUyfYOgGdADPU4NojDxGA6fbdtwFQb6OR3SV0pgEM3i/7OsMBxkHga/WTE
p8ntAJnHyAt2T9L9ZGUBKNB876iXvQNpIj+GAgU1VA==
=zvOf
-----END PGP SIGNATURE-----
--------------GxQ0isGMn9DJoaGxXU1JzbMS--
--===============8297261144583223663==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============8297261144583223663==--
|
|
|
|
