[Pkg-utopia-maintainers] Bug#1132712: avahi: CVE-2026-34933
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 4 16:12:35 BST 2026
Source: avahi
Version: 0.8-18
Severity: important
Forwarded: https://github.com/avahi/avahi/pull/891
X-Debbugs-Cc: carnil at debian.org
Control: found -1 0.8-16
Control: found -1 0.8-10+deb12u1
Control: found -1 0.8-1
Hi,
The following vulnerability was published for avahi.
CVE-2026-34933[0]:
| Avahi is a system which facilitates service discovery on a local
| network via the mDNS/DNS-SD protocol suite. Prior to version
| 0.9-rc4, any unprivileged local user can crash avahi-daemon by
| sending a single D-Bus method call with conflicting publish flags.
| This issue has been patched in version 0.9-rc4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-34933
https://www.cve.org/CVERecord?id=CVE-2026-34933
[1] https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc
[2] https://github.com/avahi/avahi/pull/891
Regards,
Salvatore
More information about the Pkg-utopia-maintainers
mailing list