Your message dated Sun, 05 Jun 2022 17:18:54 +0000
with message-id <[email protected]>
and subject line Bug#986018: fixed in avahi 0.8-6
has caused the Debian Bug report #986018,
regarding avahi: CVE-2021-3502: reachable assertion in
avahi_s_host_name_resolver_start when trying to resolve badly-formatted
hostnames
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
986018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: avahi-daemon
Version: 0.8-5
Severity: important
Tags: security
Control: notfound -1 0.7-4+b1
Dear Maintainers,
I found another local denial-of-service vulnerability in avahi-daemon.
It can be triggered by trying to resolve badly-formatted hostnames on
the /run/avahi-daemon/socket interface (I stumbled upon it, accidentally
trying to resolve an IP as a hostname...)
This time the daemon just dies, and this time buster is not affected.
Steps to reproduce:
$ (echo "RESOLVE-HOSTNAME a"; sleep 3;) | socat - /run/avahi-daemon/socket
$ ps -FC avahi-daemon
Same results for these queries: "a.", ".a", "a..b", ".b.c", "a.b.."
Note that every local user has access to the socket.
Yours
Thomas Kremer
-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (700, 'stable'), (500, 'oldoldstable'), (500,
'oldstable'), (450, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN,
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages avahi-daemon depends on:
ii adduser 3.118
ii bind9-host [host] 1:9.11.5.P4+dfsg-5.1+deb10u3
ii dbus 1.12.20-0+deb10u1
ii init-system-helpers 1.56+nmu1
ii libavahi-common3 0.8-5
ii libavahi-core7 0.8-5
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libdaemon0 0.14-7
ii libdbus-1-3 1.12.20-0+deb10u1
ii libexpat1 2.2.6-2+deb10u1
ii lsb-base 10.2019051400
Versions of packages avahi-daemon recommends:
ii libnss-mdns 0.14.1-1
Versions of packages avahi-daemon suggests:
pn avahi-autoipd <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: avahi
Source-Version: 0.8-6
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
avahi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated avahi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 05 Jun 2022 18:33:10 +0200
Source: avahi
Built-For-Profiles: nocheck
Architecture: source
Version: 0.8-6
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 986018 993051
Changes:
avahi (0.8-6) unstable; urgency=medium
.
[ Luca Boccassi ]
* avahi-daemon: depend on default-dbus-system-bus | dbus-system-bus.
This allows the reference implementation to be removed if using a
different system bus implementation such as dbus-broker.
[smcv: Adjust commit message]
.
[ Simon McVittie ]
* Add patch to fix display of URLs containing '&' in avahi-discover
* Standards-Version: 4.6.0 (no changes required)
* Use recommended debhelper compat level 13
.
[ Michael Biebl ]
* Do not disable timeout cleanup on watch cleanup.
This was causing timeouts to never be removed from the linked list that
tracks them, resulting in both memory and CPU usage to grow larger over
time. Thanks to Gustavo Noronha Silva (Closes: #993051)
* Drop obsolete lsb-base Depends
* Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
Fixes a local DoS in avahi-daemon that can be triggered by trying to
resolve badly-formatted hostnames on the /run/avahi-daemon/socket
interface. (CVE-2021-3502, Closes: #986018)
Checksums-Sha1:
a1a2d27cfb3eba3436d7e527410be1b0676d5ebd 3949 avahi_0.8-6.dsc
1b99269af00046da5d95a60df770111677f6896c 36560 avahi_0.8-6.debian.tar.xz
cae15711c51bf081910c7a2ec4aecb41baa274b8 7365 avahi_0.8-6_source.buildinfo
Checksums-Sha256:
587a204d0197d95457837fffb05864625d9c4a727c3170de693fb49d4bfaff00 3949
avahi_0.8-6.dsc
9dde4f73aecb8e39e63e0de282699775c8f031dd779c08f044c7701fa575a094 36560
avahi_0.8-6.debian.tar.xz
be50e3814d92cc2a322fb464c0997d5f951cb2fca5c0159b354aecee2ea85724 7365
avahi_0.8-6_source.buildinfo
Files:
90285f50f4577efea0b571cec5ed0ab8 3949 net optional avahi_0.8-6.dsc
6ffde0887d6db76dc22787b54ae34af5 36560 net optional avahi_0.8-6.debian.tar.xz
7c1f872b61f459b733063e0488d8ee5a 7365 net optional avahi_0.8-6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmKc3xYACgkQauHfDWCP
Itz0EBAAlvDo8f+7ZOsWqNSqh3UVObQ6kBi3lnsjxa6XH4+CQc7Sd4iO42N+TAg3
u5ZWwlAL8mDa8B5UUwnM6pnhG2nLfXbBlxS33MeTnFRRPSqGfl6X7lo7A9LBFhZ/
gOyI++Lrnmu5bc923WO82Tv63eTAf4egVz6Y4k65WWP2EwTeARMv1HkEe9TgNg+1
xPTBQVjuCssvqOZn+Tj/1ZQsTCKpCWJcdu1OIqcDojp9Blm4ANVfQ0IdpyXz8IGK
UUBPf1o5acqnaTQE2gO6iWIm36sJJ8mHpur+r0H5biJrUbXDbOXspTJPvFbv4nxr
hrj5iTFqBqoQocH0u0BaC3RL4Vtu1yjwxC786hSmaEDRScpVtUAnD3e0j3gZkTM/
0tfnCje/P5zOGruy34/H9qO97BNdZPhFWGmN/vuky7F1tVC8c6mky1lULh9o0cVR
VKBgkj8bBk3ePeRjQ7v4YOOfsxP5bfJMNjv3sBGmiJ6cP5BIfUQIDktpGf1BsA5F
idzGPl8Dk287gfPebhWCmoVg6xg1TgdLY4IRTwCaokZ6dk4R6FjYRgpkFOEsPuD0
BbCrrWaPABkBeqe8unlJVbla4rXAJdPG4CPPnHcXuGF54dytPJVUP2pLm0pcc41s
11BjLleF+MAYKpVxSgWIKyGyZBE+CrO8x0LuCo8t6KJ4sfUb5ME=
=OZO7
-----END PGP SIGNATURE-----
--- End Message ---
