ALSA-2024:2433

Source
https://errata.almalinux.org/9/ALSA-2024-2433.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2433.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALSA-2024:2433
Related
Published
2024-04-30T00:00:00Z
Modified
2024-05-07T15:04:20Z
Summary
Moderate: avahi security update
Details

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.

Security Fix(es):

  • avahi: Reachable assertion in avahidnspacketappendrecord (CVE-2023-38469)
  • avahi: Reachable assertion in avahiescapelabel (CVE-2023-38470)
  • avahi: Reachable assertion in dbussethost_name (CVE-2023-38471)
  • avahi: Reachable assertion in avahirdataparse (CVE-2023-38472)
  • avahi: Reachable assertion in avahialternativehost_name (CVE-2023-38473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:9 / avahi

Package

Name
avahi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-compat-howl

Package

Name
avahi-compat-howl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-compat-howl-devel

Package

Name
avahi-compat-howl-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-compat-libdns_sd

Package

Name
avahi-compat-libdns_sd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-compat-libdns_sd-devel

Package

Name
avahi-compat-libdns_sd-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-devel

Package

Name
avahi-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-glib

Package

Name
avahi-glib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-glib-devel

Package

Name
avahi-glib-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-libs

Package

Name
avahi-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9

AlmaLinux:9 / avahi-tools

Package

Name
avahi-tools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-20.el9