You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa avahi

Sigurnosni nedostaci programskog paketa avahi

by - 0

==========================================================================
Ubuntu Security Notice USN-3876-1
January 31, 2019

avahi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Avahi.

Software Description:
– avahi: Avahi IPv4LL network address configuration daemon

Details:

Chad Seaman discovered that Avahi incorrectly handled certain messages.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-6519, CVE-2018-1000845)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  avahi-daemon                    0.7-4ubuntu2.1
  libavahi-core7                  0.7-4ubuntu2.1

Ubuntu 18.04 LTS:
  avahi-daemon                    0.7-3.1ubuntu1.2
  libavahi-core7                  0.7-3.1ubuntu1.2

Ubuntu 16.04 LTS:
  avahi-daemon                    0.6.32~rc+dfsg-1ubuntu2.3
  libavahi-core7                  0.6.32~rc+dfsg-1ubuntu2.3

Ubuntu 14.04 LTS:
  avahi-daemon                    0.6.31-4ubuntu1.3
  libavahi-core7                  0.6.31-4ubuntu1.3

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3876-1
  CVE-2017-6519, CVE-2018-1000845

Package Information:
  https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu2.1
  https://launchpad.net/ubuntu/+source/avahi/0.7-3.1ubuntu1.2
  https://launchpad.net/ubuntu/+source/avahi/0.6.32~rc+dfsg-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/avahi/0.6.31-4ubuntu1.3—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcUu95AAoJEEW851uECx9pB3sP/2pEQ4hDpXPoTH0ME4hThrqb
HZFXYyxd4yUx+2+PUTOrpEiXCu3vi9kAdktMrhe7nsdFCWYndbGHzpLg8ZVaVegt
Hkk7fDIhQb/foOu7JB7Kk4JuhOt+UfwMAkX3b7QI/yImYRE/Wp/Dw5YLNH0kqmCd
i4cI2Kc1cG4HQJFWRGZgupJZLfn4V0oQWx9/j8kdB0+WA8UEMFF/NKRlqZevODkR
C58Cl2VM0GgUNQ6K4Zkp9/kZwVyo9zHrnKLKz8GE5iNuaIOxPjA3tfeHztcyT6j2
5u7Rxkf2N2/zhAGI4tpdR2p6DGoV3K8rVstjF+FertwV7jkvBWKsyfuYlP1U5Yx9
y5LAKBfem9Q4kOniUS88XvcWy6UhDR8Wp8OcyXduqusKKWFKoAFV2gN7AtRNNfUi
/iX0Vb8XiffnUnnwqsoDABW2XgUJKzhJsGlnz95WAuSsKWyrAlB1NkTPzQIfpR+X
BTArltXwIe0y2q14w3vdyDiFxV6mWVSEejy3vn6stnMhDvdF50N6njKn2J8PT/6q
VrdUQLuHVUFzx1yK2e6XAOpqaFvS1811Losc8f/j/tLT1dYnI46YlEvphBStVEPe
lhnD9pRfVA0WmIKyyOb7aSa1odPATiBlO9cLSla2hX76W9dRnuy1twTw4A4G6KZ6
j3XzB5gf4eMR5MO5CDwl
=BPiN
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3876-2
January 31, 2019

avahi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Avahi.

Software Description:
– avahi: Avahi IPv4LL network address configuration daemon

Details:

USN-3876-1 fixed a vulnerability in Avahi. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Chad Seaman discovered that Avahi incorrectly handled certain
messages.
 An attacker could possibly use this issue to cause a denial of
service.
 (CVE-2017-6519, CVE-2018-1000845)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  avahi-daemon                    0.6.30-5ubuntu2.3
  libavahi-core7                  0.6.30-5ubuntu2.3

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3876-2
  https://usn.ubuntu.com/usn/usn-3876-1
  CVE-2017-6519, CVE-2018-1000845—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcUviSAAoJEEW851uECx9pIL4P/j5cTHTq0ufHNjLTNjNUE7RC
aw8UNkcW1OqfODMvngMyT+s7q0uTCnz6sRhtP2PMmvCSh6ryY7Anc8eNFU86t8JY
2O0zTVY7gpXvWNUpszu0TDswhxNQSpHyxMyit7lbLxuf41vh8CIBctRFoffNRkKB
wN3eveGR5qwy1EKGTlAeiaz063Gn27hJF13vGtEa+lFEkUo6fTsrXEXhI3mcZfIY
RXyWylR1tDY95yiBrcHG8xBAG/bX1sMcTgZQerCV0RPekNfoRve7RvUUEeONOCZ+
4xPHMOyiNC+My3ky3K96VVz+G+miCfj7HSEK1elDDjuPxkryuoQCXFRKIIzUB7Ra
JnlX4cBpaOhMorCDCo3QjhOgk01C1+UaucAa7+B7Lowa0n3OJhO2SzhkCtJ6vuNY
M3VN24QwWpsAori/ZGRSpsJ3NwkgUkx+mWD6Ap/ZTdimcZJp5iGyItRkY5QhESKx
qREUGYk3iHuDhtdrg5gxpUy/HlYQ/WOwGpuwqRKeEvEZ6shUJFnXiZt4A6N/YT5H
duG9O8lDWKeGy4oL+YFDNi0L0Gd2jwtxf7O2QgJ7B8Qibr719ryYZGrj6Ku8lYXp
35iQdHyVnioO3UqafkeG0CPM11m22Q6kZGj5Res+6jDx25LsexkRcehz4eFeHffP
nktxYaz38+MdrQEcKu1i
=EhR6
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti Cisco Webex Network Recording Player softvera

Otkriveno je nekoliko ranjivosti u Cisco WebEx Network Recording Player softveru koje su uzrokovane nepravilnom provjerom Advanced Recording Format (ARF)...

Close