An update for avahi is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1273
Final
1.0
1.0
2021-07-24
Initial
2021-07-24
2021-07-24
openEuler SA Tool V1.0
2021-07-24
avahi security update
An update for avahi is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.
Security Fix(es):
Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command.(CVE-2021-36217)
An update for avahi is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
avahi
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1273
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-36217
https://nvd.nist.gov/vuln/detail/CVE-2021-36217
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
avahi-compat-libdns_sd-devel-0.8-5.oe1.aarch64.rpm
avahi-dnsconfd-0.8-5.oe1.aarch64.rpm
avahi-debugsource-0.8-5.oe1.aarch64.rpm
avahi-ui-0.8-5.oe1.aarch64.rpm
avahi-0.8-5.oe1.aarch64.rpm
avahi-compat-libdns_sd-0.8-5.oe1.aarch64.rpm
avahi-tools-0.8-5.oe1.aarch64.rpm
avahi-libs-0.8-5.oe1.aarch64.rpm
avahi-devel-0.8-5.oe1.aarch64.rpm
avahi-ui-devel-0.8-5.oe1.aarch64.rpm
avahi-compat-howl-0.8-5.oe1.aarch64.rpm
avahi-ui-gtk3-0.8-5.oe1.aarch64.rpm
avahi-gobject-0.8-5.oe1.aarch64.rpm
avahi-glib-0.8-5.oe1.aarch64.rpm
avahi-compat-howl-devel-0.8-5.oe1.aarch64.rpm
avahi-debuginfo-0.8-5.oe1.aarch64.rpm
avahi-compat-libdns_sd-devel-0.8-5.oe1.aarch64.rpm
avahi-dnsconfd-0.8-5.oe1.aarch64.rpm
avahi-debugsource-0.8-5.oe1.aarch64.rpm
avahi-ui-0.8-5.oe1.aarch64.rpm
avahi-0.8-5.oe1.aarch64.rpm
avahi-compat-libdns_sd-0.8-5.oe1.aarch64.rpm
avahi-tools-0.8-5.oe1.aarch64.rpm
avahi-libs-0.8-5.oe1.aarch64.rpm
avahi-devel-0.8-5.oe1.aarch64.rpm
avahi-ui-devel-0.8-5.oe1.aarch64.rpm
avahi-compat-howl-0.8-5.oe1.aarch64.rpm
avahi-ui-gtk3-0.8-5.oe1.aarch64.rpm
avahi-gobject-0.8-5.oe1.aarch64.rpm
avahi-glib-0.8-5.oe1.aarch64.rpm
avahi-compat-howl-devel-0.8-5.oe1.aarch64.rpm
avahi-debuginfo-0.8-5.oe1.aarch64.rpm
avahi-help-0.8-5.oe1.noarch.rpm
avahi-help-0.8-5.oe1.noarch.rpm
avahi-0.8-5.oe1.src.rpm
avahi-0.8-5.oe1.src.rpm
avahi-0.8-5.oe1.x86_64.rpm
avahi-libs-0.8-5.oe1.x86_64.rpm
avahi-ui-0.8-5.oe1.x86_64.rpm
avahi-debugsource-0.8-5.oe1.x86_64.rpm
avahi-gobject-0.8-5.oe1.x86_64.rpm
avahi-compat-libdns_sd-devel-0.8-5.oe1.x86_64.rpm
avahi-debuginfo-0.8-5.oe1.x86_64.rpm
avahi-ui-devel-0.8-5.oe1.x86_64.rpm
avahi-dnsconfd-0.8-5.oe1.x86_64.rpm
avahi-devel-0.8-5.oe1.x86_64.rpm
avahi-compat-howl-0.8-5.oe1.x86_64.rpm
avahi-tools-0.8-5.oe1.x86_64.rpm
avahi-glib-0.8-5.oe1.x86_64.rpm
avahi-compat-libdns_sd-0.8-5.oe1.x86_64.rpm
avahi-compat-howl-devel-0.8-5.oe1.x86_64.rpm
avahi-ui-gtk3-0.8-5.oe1.x86_64.rpm
avahi-0.8-5.oe1.x86_64.rpm
avahi-libs-0.8-5.oe1.x86_64.rpm
avahi-ui-0.8-5.oe1.x86_64.rpm
avahi-debugsource-0.8-5.oe1.x86_64.rpm
avahi-gobject-0.8-5.oe1.x86_64.rpm
avahi-compat-libdns_sd-devel-0.8-5.oe1.x86_64.rpm
avahi-debuginfo-0.8-5.oe1.x86_64.rpm
avahi-ui-devel-0.8-5.oe1.x86_64.rpm
avahi-dnsconfd-0.8-5.oe1.x86_64.rpm
avahi-devel-0.8-5.oe1.x86_64.rpm
avahi-compat-howl-0.8-5.oe1.x86_64.rpm
avahi-tools-0.8-5.oe1.x86_64.rpm
avahi-glib-0.8-5.oe1.x86_64.rpm
avahi-compat-libdns_sd-0.8-5.oe1.x86_64.rpm
avahi-compat-howl-devel-0.8-5.oe1.x86_64.rpm
avahi-ui-gtk3-0.8-5.oe1.x86_64.rpm
Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command.
2021-07-24
CVE-2021-36217
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
avahi security update
2021-07-24
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1273