[USN-3876-2] Avahi vulnerabilities

protocol=”application/pgp-signature”; boundary=”=-eDe9JoNbJE12Jjam6oAO”

–=-eDe9JoNbJE12Jjam6oAO

Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3876-2
January 31, 2019

avahi vulnerabilities
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Avahi.

Software Description:
– avahi: Avahi IPv4LL network address configuration daemon

Details:

USN-3876-1 fixed a vulnerability in Avahi. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

=C2=A0Chad Seaman discovered that Avahi incorrectly handled certain
messages.
=C2=A0An attacker could possibly use this issue to cause a denial of
service.
=C2=A0(CVE-2017-6519, CVE-2018-1000845)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
=C2=A0 avahi-daemon=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A00.6.30-5u=
buntu2.3
=C2=A0 libavahi-core7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A00.6.30-5ubuntu2.3

In general, a standard system update will make all the necessary
changes.

References:
=C2=A0 https://usn.ubuntu.com/usn/usn-3876-2
=C2=A0 https://usn.ubuntu.com/usn/usn-3876-1
=C2=A0 CVE-2017-6519, CVE-2018-1000845
–=-eDe9JoNbJE12Jjam6oAO

Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcUviSAAoJEEW851uECx9pIL4P/j5cTHTq0ufHNjLTNjNUE7RC
aw8UNkcW1OqfODMvngMyT+s7q0uTCnz6sRhtP2PMmvCSh6ryY7Anc8eNFU86t8JY
2O0zTVY7gpXvWNUpszu0TDswhxNQSpHyxMyit7lbLxuf41vh8CIBctRFoffNRkKB
wN3eveGR5qwy1EKGTlAeiaz063Gn27hJF13vGtEa+lFEkUo6fTsrXEXhI3mcZfIY
RXyWylR1tDY95yiBrcHG8xBAG/bX1sMcTgZQerCV0RPekNfoRve7RvUUEeONOCZ+
4xPHMOyiNC+My3ky3K96VVz+G+miCfj7HSEK1elDDjuPxkryuoQCXFRKIIzUB7Ra
JnlX4cBpaOhMorCDCo3QjhOgk01C1+UaucAa7+B7Lowa0n3OJhO2SzhkCtJ6vuNY
M3VN24QwWpsAori/ZGRSpsJ3NwkgUkx+mWD6Ap/ZTdimcZJp5iGyItRkY5QhESKx
qREUGYk3iHuDhtdrg5gxpUy/HlYQ/WOwGpuwqRKeEvEZ6shUJFnXiZt4A6N/YT5H
duG9O8lDWKeGy4oL+YFDNi0L0Gd2jwtxf7O2QgJ7B8Qibr719ryYZGrj6Ku8lYXp
35iQdHyVnioO3UqafkeG0CPM11m22Q6kZGj5Res+6jDx25LsexkRcehz4eFeHffP
nktxYaz38+MdrQEcKu1i
=EhR6
—–END PGP SIGNATURE—–

–=-eDe9JoNbJE12Jjam6oAO–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK