[ubuntu/lunar-security] avahi 0.8-6ubuntu1.23.04.2 (Accepted)

Nick Galanis nick.galanis at canonical.com
Mon Nov 20 14:55:37 UTC 2023


avahi (0.8-6ubuntu1.23.04.2) lunar-security; urgency=medium

  * SECURITY UPDATE: Reachable assertions exist in server functions of
    avahi-core
    - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT 
      resource records
    - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
      resource records
    - CVE-2023-38469

  * SECURITY UPDATE: Reachable assertions exist in domain functions in 
    avahi-common
    - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
      one byte long
    - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels 
      can't fit into ret
    - CVE-2023-38470

  * SECURITY UPDATE: Reachable assertions exist in server functions in 
    avahi-core
    - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
      avahi_unescape_label()
    - debian/patches/CVE-2023-38471-2.patch: core: return errors from 
      avahi_server_set_host_name properly
    - CVE-2023-38471

  * SECURITY UPDATE: Reachable assertions exist in dbus functions in 
    avahi-daemon
    - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata 
      to process before parsing it
    - CVE-2023-38472

  * SECURITY UPDATE: Reachable assertions exist in alternative functions 
    in avahi-common
    - debian/patches/CVE-2023-38473.patch: common: derive alternative host
      name from its unescaped version
    - CVE-2023-38473

Date: 2023-11-20 12:46:12.175870+00:00
Changed-By: Nick Galanis <nick.galanis at canonical.com>
https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.23.04.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the lunar-changes mailing list