Your message dated Sun, 12 Feb 2023 19:32:09 +0000
with message-id <[email protected]>
and subject line Bug#984938: fixed in avahi 0.8-5+deb11u2
has caused the Debian Bug report #984938,
regarding avahi: CVE-2021-3468: local DoS by event-busy-loop from writing long
lines to /run/avahi-daemon/socket
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
984938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: avahi-daemon
Version: 0.7-4+b1
Severity: important
Tags: security
Dear Maintainers,
I found a local denial-of-service vulnerability in avahi-daemon. It can
be triggered by writing long lines to /run/avahi-daemon/socket and
results in an unresponsive busy-loop of the daemon.
Steps to reproduce:
$ perl -e '$|=1; print "a"x(20*1024+1); sleep 1;' | socat - /run/avahi-daemon/socket
$ top
--> check that avahi-daemon uses 100% CPU, does not react to any valid
requests anymore (at least not using that socket) and does not react to
SIGTERM.
Note that every local user has access to the socket.
Note that in [1], function "client_work()", the code reacts to the
filling of its input buffer with disabling the io-watcher, so the
io-watcher itself must be at fault (though this specific problem could
be fixed in that function by just dropping the whole connection the
moment the buffer fills up).
[1] https://github.com/lathiat/avahi/blob/master/avahi-daemon/simple-protocol.c
Yours
Thomas Kremer
-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (700, 'stable'), (500, 'oldoldstable'), (500, 'oldstable'), (450, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages avahi-daemon depends on:
ii adduser 3.118
ii bind9-host [host] 1:9.11.5.P4+dfsg-5.1+deb10u3
ii dbus 1.12.20-0+deb10u1
ii libavahi-common3 0.7-4+b1
ii libavahi-core7 0.7-4+b1
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libdaemon0 0.14-7
ii libdbus-1-3 1.12.20-0+deb10u1
ii libexpat1 2.2.6-2+deb10u1
ii lsb-base 10.2019051400
Versions of packages avahi-daemon recommends:
ii libnss-mdns 0.14.1-1
Versions of packages avahi-daemon suggests:
pn avahi-autoipd <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: avahi
Source-Version: 0.8-5+deb11u2
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
avahi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated avahi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 10 Jan 2023 09:43:16 +0100
Source: avahi
Architecture: source
Version: 0.8-5+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 984938
Changes:
avahi (0.8-5+deb11u2) bullseye; urgency=medium
.
* Avoid infinite-loop in avahi-daemon by handling HUP event in client_work.
Fixes a local DoS that could be triggered by writing long lines to
/run/avahi-daemon/socket. (CVE-2021-3468, Closes: #984938)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
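
Added example, not part of the original messages and not avahi's code: the report describes the input watch being disabled when the buffer fills, and the changelog names HUP handling as the fix. Assuming the event loop sits on poll(2), the sketch below shows that POLLHUP is still delivered with no events requested once the peer disconnects (Linux AF_UNIX behaviour), next to a hypothetical handler that drops the client on hang-up or on an over-long line. INBUF, handle, spurious_wakeups and run_handler are names made up here, and all input is constructed.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define INBUF 16 /* constructed tiny input buffer for the demo */
enum action { KEEP, DROP };

/* Hypothetical hardened handler (not avahi's client_work): consume input,
 * then drop the client on hang-up/error or when a line overflows INBUF. */
static enum action handle(int fd, short revents, char *buf, size_t *len) {
    if (revents & POLLIN) {
        ssize_t n = read(fd, buf + *len, INBUF - *len);
        if (n > 0) *len += (size_t)n;
        if (n <= 0 || (*len == INBUF && !memchr(buf, '\n', *len))) return DROP;
    }
    return (revents & (POLLHUP | POLLERR | POLLNVAL)) ? DROP : KEEP;
}

/* Send an over-long line, "disable" the input watch (events = 0), let the
 * peer disconnect, and count the poll() calls that still report POLLHUP. */
static int spurious_wakeups(int rounds) {
    int sv[2], hits = 0;
    char line[INBUF + 1];
    memset(line, 'a', sizeof line); /* no newline anywhere */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || write(sv[1], line, sizeof line) < 0)
        return -1;
    close(sv[1]);
    struct pollfd p = { .fd = sv[0], .events = 0 };
    for (int i = 0; i < rounds; i++)
        if (poll(&p, 1, 10) == 1 && (p.revents & POLLHUP)) hits++;
    close(sv[0]);
    return hits;
}

/* One poll()+handle() round on constructed input; returns KEEP or DROP. */
static int run_handler(const char *data, int close_peer) {
    int sv[2]; char buf[INBUF]; size_t len = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || write(sv[1], data, strlen(data)) < 0)
        return -1;
    if (close_peer) close(sv[1]);
    struct pollfd p = { .fd = sv[0], .events = POLLIN };
    poll(&p, 1, 1000);
    enum action a = handle(sv[0], p.revents, buf, &len);
    close(sv[0]); if (!close_peer) close(sv[1]);
    return a;
}

int main(void) {
    return spurious_wakeups(1000) == 1000 && run_handler("short line\n", 1) == DROP ? 0 : 1;
}
```

A handler that ignores the hang-up bit in this state returns to the loop with nothing changed, so every iteration wakes again immediately; dropping the connection removes the descriptor from the poll set.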