UbuntuUpdates.org

Package "libavahi-core-dev"

Name: libavahi-core-dev

Description:

Development files for Avahi's embeddable mDNS/DNS-SD library
Latest version: 0.8-5ubuntu5.4
Release: jammy (22.04)
Level: security
Repository: main
Head package: avahi
Homepage: http://avahi.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libavahi-core-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libavahi-core-dev" in Jammy

Repository Area Version
base main 0.8-5ubuntu5
updates main 0.8-5ubuntu5.4

Changelog

Version: 0.8-5ubuntu5.4 2026-01-19 16:25:59 UTC

  avahi (0.8-5ubuntu5.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service when creating a record browser.
    - debian/patches/CVE-2025-68276.patch: Add AVAHI_LOOKUP_USE_WIDE_AREA and
      wide area use check in avahi-core/browse.c.
    - CVE-2025-68276
  * SECURITY UPDATE: Denial of service after CNAME expiration.
    - debian/patches/CVE-2025-68468.patch: Remove assert in
      avahi-core/browse.c.
    - CVE-2025-68468
  * SECURITY UPDATE: Denial of service on receiving CNAME resource records.
    - debian/patches/CVE-2025-68471.patch: Change assert to return on
      wide_area check in avahi-core/browse.c.
    - CVE-2025-68471

 -- Hlib Korzhynskyy <email address hidden> Thu, 15 Jan 2026 15:01:39 -0330
Source diff to previous version
CVE-2025-68276 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged
CVE-2025-68468 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can
CVE-2025-68471 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can

Version: 0.8-5ubuntu5.2 2023-11-20 16:07:06 UTC

  avahi (0.8-5ubuntu5.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Reachable assertions exist in server functions of
    avahi-core
    - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
      resource records
    - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
      resource records
    - CVE-2023-38469

  * SECURITY UPDATE: Reachable assertions exist in domain functions in
    avahi-common
    - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
      one byte long
    - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
      can't fit into ret
    - CVE-2023-38470

  * SECURITY UPDATE: Reachable assertions exist in server functions in
    avahi-core
    - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
      avahi_unescape_label()
    - debian/patches/CVE-2023-38471-2.patch: core: return errors from
      avahi_server_set_host_name properly
    - CVE-2023-38471

  * SECURITY UPDATE: Reachable assertions exist in dbus functions in
    avahi-daemon
    - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
      to process before parsing it
    - CVE-2023-38472

  * SECURITY UPDATE: Reachable assertions exist in alternative functions
    in avahi-common
    - debian/patches/CVE-2023-38473.patch: common: derive alternative host
      name from its unescaped version
    - CVE-2023-38473

 -- Nick Galanis <email address hidden> Thu, 16 Nov 2023 16:37:03 +0000
Source diff to previous version
CVE-2023-38469 A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471 A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

Version: 0.8-5ubuntu5.1 2023-06-01 17:07:06 UTC

  avahi (0.8-5ubuntu5.1) jammy-security; urgency=medium

  * SECURITY UPDATE: avahi-daemon can be crashed via DBus
    - debian/patches/CVE-2023-1981.patch: emit error if requested service
      is not found in avahi-daemon/dbus-protocol.c.
    - CVE-2023-1981

 -- Marc Deslauriers <email address hidden> Wed, 31 May 2023 09:57:11 -0400
CVE-2023-1981 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.


About   -   Send Feedback to @ubuntu_updates