CentOS ProjectCESA-2020:1176avahi security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
93.7%
CentOS Errata and Security Advisory CESA-2020:1176
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.
Security Fix(es):
- avahi: Multicast DNS responds to unicast queries outside of local network (CVE-2017-6519)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032481.html
Affected packages:
avahi
avahi-autoipd
avahi-compat-howl
avahi-compat-howl-devel
avahi-compat-libdns_sd
avahi-compat-libdns_sd-devel
avahi-devel
avahi-dnsconfd
avahi-glib
avahi-glib-devel
avahi-gobject
avahi-gobject-devel
avahi-libs
avahi-qt3
avahi-qt3-devel
avahi-qt4
avahi-qt4-devel
avahi-tools
avahi-ui
avahi-ui-devel
avahi-ui-gtk3
avahi-ui-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:1176
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | i686 | avahi | < 0.6.31-20.el7 | avahi-0.6.31-20.el7.i686.rpm |
| CentOS | 7 | x86_64 | avahi | < 0.6.31-20.el7 | avahi-0.6.31-20.el7.x86_64.rpm |
| CentOS | 7 | x86_64 | avahi-autoipd | < 0.6.31-20.el7 | avahi-autoipd-0.6.31-20.el7.x86_64.rpm |
| CentOS | 7 | i686 | avahi-compat-howl | < 0.6.31-20.el7 | avahi-compat-howl-0.6.31-20.el7.i686.rpm |
| CentOS | 7 | x86_64 | avahi-compat-howl | < 0.6.31-20.el7 | avahi-compat-howl-0.6.31-20.el7.x86_64.rpm |
| CentOS | 7 | i686 | avahi-compat-howl-devel | < 0.6.31-20.el7 | avahi-compat-howl-devel-0.6.31-20.el7.i686.rpm |
| CentOS | 7 | x86_64 | avahi-compat-howl-devel | < 0.6.31-20.el7 | avahi-compat-howl-devel-0.6.31-20.el7.x86_64.rpm |
| CentOS | 7 | i686 | avahi-compat-libdns_sd | < 0.6.31-20.el7 | avahi-compat-libdns_sd-0.6.31-20.el7.i686.rpm |
| CentOS | 7 | x86_64 | avahi-compat-libdns_sd | < 0.6.31-20.el7 | avahi-compat-libdns_sd-0.6.31-20.el7.x86_64.rpm |
| CentOS | 7 | i686 | avahi-compat-libdns_sd-devel | < 0.6.31-20.el7 | avahi-compat-libdns_sd-devel-0.6.31-20.el7.i686.rpm |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
93.7%