Source: avahi Version: 0.8-18 Severity: important Forwarded: https://github.com/avahi/avahi/pull/891 X-Debbugs-Cc: [email protected] Control: found -1 0.8-16 Control: found -1 0.8-10+deb12u1 Control: found -1 0.8-1
Hi, The following vulnerability was published for avahi. CVE-2026-34933[0]: | Avahi is a system which facilitates service discovery on a local | network via the mDNS/DNS-SD protocol suite. Prior to version | 0.9-rc4, any unprivileged local user can crash avahi-daemon by | sending a single D-Bus method call with conflicting publish flags. | This issue has been patched in version 0.9-rc4. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-34933 https://www.cve.org/CVERecord?id=CVE-2026-34933 [1] https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc [2] https://github.com/avahi/avahi/pull/891 Regards, Salvatore
