Moderate: avahi security update

2023-11-2822:42:52

Google

osv.dev

avahi

security update

dns service discovery

multicast dns

zero configuration networking

local network

service discovery

avahi-daemon

dbus

cve-2023-1981

rocky linux 8.9

release notes

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.

Security Fix(es):

avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.