Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-UBUNTU1804-AVAHI-1076778
- published 19 Feb 2021
- disclosed 17 Feb 2021
How to fix?
There is no fixed version for
Note: Versions mentioned in the description apply only to the upstream
avahi package and not the
avahi package as distributed by
How to fix? for
Ubuntu:18.04 relevant fixed versions and status.
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.