avahi-0.8-15.el9
エラータID: AXSA:2023-6723:02
リリース日:
2023/12/07 Thursday - 11:59
題名:
avahi-0.8-15.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Avahi の client_work() 関数には、無限ループの発生に至る問題が
あるため、ローカルの攻撃者により、UNIX ドメインソケットを
経由したクライアントからの接続の終了通知を介して、サービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2021-3468)
- Avahi の avahi_s_host_name_resolver_start() 関数には、意図
せずアサーションに失敗してしまう問題があるため、ローカルの
攻撃者により、ソケットもしくは DBus を経由した無効なホスト名
解決のリクエストの送信を介して、サービス拒否攻撃 (クラッシュ
の発生) を可能とする脆弱性が存在します。(CVE-2021-3502)
- Avahi デーモンには、認証されていないローカルの攻撃者により、
DBus 経由での呼び出しを介して、サービス拒否攻撃 (クラッシュ
の発生) を可能とする脆弱性が存在します。(CVE-2023-1981)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
CVE-2023-1981
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
追加情報:
N/A
ダウンロード:
SRPMS
- avahi-0.8-15.el9.src.rpm
MD5: 216f1a5683a977bb5cbc95387f3ccd53
SHA-256: 304b4a36b9bc752a304c0d4baedb5e0dff9343c550bfae7ab799cf5018435dcc
Size: 1.54 MB
Asianux Server 9 for x86_64
- avahi-0.8-15.el9.i686.rpm
MD5: e7fe4f6b2ec2145f7f8eea2eccd525c5
SHA-256: 0057d32cd7bb211bb337ae8b8127f5463ddfb348f615afe15107d37c9b456d5a
Size: 299.87 kB - avahi-0.8-15.el9.x86_64.rpm
MD5: 83ed4e888920b400ccdee9e1096c4646
SHA-256: 0281d858298a1aa5eeb786146805b35cf826e6da3be52aaa03063d39fa8aa2ba
Size: 286.92 kB - avahi-compat-howl-0.8-15.el9.i686.rpm
MD5: 3ea55022824664ae8f83c5c27c2be8ec
SHA-256: f0bedcc49844f7e59237125ce2220bbb807c0e9b9365d4afa6bc51a7bd98aeb6
Size: 28.77 kB - avahi-compat-howl-0.8-15.el9.x86_64.rpm
MD5: 70bb2777c6f5025e0021175f7b5db11c
SHA-256: f51d904442ff654717bd6a4f957f3dc7692e66232da8e30e0c27a59d0cd03058
Size: 27.61 kB - avahi-compat-howl-devel-0.8-15.el9.i686.rpm
MD5: bbc950011f467ff0a161c8bf671162f5
SHA-256: 9f7660be499c469cb099f45e6caac30db65320f9bb324c9c127991319cf8e8b4
Size: 20.17 kB - avahi-compat-howl-devel-0.8-15.el9.x86_64.rpm
MD5: b7e03e0b985e23666f1f613ce8f6a5a5
SHA-256: f95fabbb739ae98327c024829332be9fa6dd789ed3045275cba71e75900ffe9a
Size: 20.16 kB - avahi-compat-libdns_sd-0.8-15.el9.i686.rpm
MD5: beefb776cd0e6629bbaa3a0cc29cef0d
SHA-256: d159234281009fdc4f88f67be83d3f385f59060b284dbc61cb16d0c2f6bc473d
Size: 23.79 kB - avahi-compat-libdns_sd-0.8-15.el9.x86_64.rpm
MD5: be335ef75b83a2ab7b9ed4a438bfc198
SHA-256: 9ee82be5367ebfc692b81c5567e533126ffa02f8338c2cd7bcf783ef4d6b34e4
Size: 23.09 kB - avahi-compat-libdns_sd-devel-0.8-15.el9.i686.rpm
MD5: d3928a02f1f70835c1865b236e8380f8
SHA-256: 57afee6e4c4e3d956f354c1b28756376d89d3e6f0a8ec4134ea2d7eb6bee9d32
Size: 24.02 kB - avahi-compat-libdns_sd-devel-0.8-15.el9.x86_64.rpm
MD5: d963f87852e46eb4af4add6c9fcf698e
SHA-256: db5648b32462786871128c4b308a3a55c77939f896f406c3d7453372e721bb43
Size: 24.01 kB - avahi-devel-0.8-15.el9.i686.rpm
MD5: 48a55803db40548e7818e07c81403f6e
SHA-256: 62d6f001bfbc593f5b931ec88d339fac21a8502a5eae479484e35f9def840858
Size: 36.53 kB - avahi-devel-0.8-15.el9.x86_64.rpm
MD5: 95be63b72d1ecfb6768d3f2820ee45a2
SHA-256: 7f4673a34d216285ed174218145ceeaa5c67e31298f989feadcff5773a748260
Size: 36.54 kB - avahi-glib-0.8-15.el9.i686.rpm
MD5: ace18e5457c95016ba882f257929908e
SHA-256: e3f32a93fb8b4ace64767538e4d8d7e6155c09bad80b5709eeb98b16ace627ce
Size: 13.81 kB - avahi-glib-0.8-15.el9.x86_64.rpm
MD5: d7b28b1a6bf392fc928cad865ce77917
SHA-256: 9595d39e8f5d355ed97cad87f5d38602422befefc876e0998716c6b4a148a15e
Size: 13.20 kB - avahi-glib-devel-0.8-15.el9.i686.rpm
MD5: 2443f28f329f288df45175d2e4ddbd3b
SHA-256: 30a5383dd9c63591e4a59d8e9e7db29cf4a642dd03ce315a6b2702293502482a
Size: 8.97 kB - avahi-glib-devel-0.8-15.el9.x86_64.rpm
MD5: 745fd2bf790ed77cd0c0df342c9c7df6
SHA-256: 357a60f8ed815e786a0fac16881f0ab44c70ee73a1968a153a8eec9278d8c866
Size: 8.96 kB - avahi-libs-0.8-15.el9.i686.rpm
MD5: 9d7b8e46371a712cca0017f346ce3a84
SHA-256: a8fba35b43833e2cfa19c5371d36ffbec1114a1c500df1ad41f420247df1b8a5
Size: 70.20 kB - avahi-libs-0.8-15.el9.x86_64.rpm
MD5: 8af88703796f547e67f262ae7ee34c5f
SHA-256: c2a6c1aba4195c4999488f87ec16bc36d217c068700aa94e2c1862d67e825e8d
Size: 65.79 kB - avahi-tools-0.8-15.el9.x86_64.rpm
MD5: 693f3d31898d2884f109101d643b67c1
SHA-256: ad7ad4e835e5ec00f68b2af9c705e2b73fe3552b33a7ad690f8a842e1eb464ee
Size: 37.38 kB