| Summary: | avahi new security issue CVE-2017-6519 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, marja11, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-32-OK | | |
| Source RPM: | avahi-0.7-3.mga7.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2019-01-28 01:31:24 CET
David Walser
2019-01-28 01:31:31 CET
Whiteboard: (none) => MGA6TOO

Assigning to the registered maintainer.

CC: (none) => marja11

really assigning now :-(

Assignee: bugsquad => shlomif

Ubuntu has issued an advisory for this on January 31:
https://usn.ubuntu.com/3876-1/

Advisory:
========================

Updated avahi packages fix security vulnerability:

It was found that avahi responds to unicast queries coming from outside of local network which may cause an information leak, such as disclosing the device type/model that responds to the request or the operating system.

The mDNS response may also be used to amplify denial of service attacks against other networks as the response size is greater than the size of request (CVE-2017-6519).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6519
https://bugzilla.redhat.com/show_bug.cgi?id=1426712
https://usn.ubuntu.com/3876-1/
========================

Updated packages in core/updates_testing:
========================
avahi-0.6.32-1.1.mga6
avahi-dnsconfd-0.6.32-1.1.mga6
avahi-x11-0.6.32-1.1.mga6
avahi-python-0.6.32-1.1.mga6
avahi-sharp-0.6.32-1.1.mga6
avahi-sharp-doc-0.6.32-1.1.mga6
libavahi-client3-0.6.32-1.1.mga6
libavahi-client-devel-0.6.32-1.1.mga6
libavahi-common3-0.6.32-1.1.mga6
libavahi-common-devel-0.6.32-1.1.mga6
libavahi-core7-0.6.32-1.1.mga6
libavahi-core-devel-0.6.32-1.1.mga6
libavahi-compat-libdns_sd1-0.6.32-1.1.mga6
libavahi-compat-libdns_sd-devel-0.6.32-1.1.mga6
libavahi-glib1-0.6.32-1.1.mga6
libavahi-glib-devel-0.6.32-1.1.mga6
libavahi-gobject0-0.6.32-1.1.mga6
libavahi-gobject-devel-0.6.32-1.1.mga6
libavahi-compat-howl0-0.6.32-1.1.mga6
libavahi-compat-howl-devel-0.6.32-1.1.mga6
libavahi-qt4_1-0.6.32-1.1.mga6
libavahi-qt4-devel-0.6.32-1.1.mga6
libavahi-ui-gtk3_0-0.6.32-1.1.mga6
libavahi-ui-gtk3-devel-0.6.32-1.1.mga6
libavahi-ui1-0.6.32-1.1.mga6
libavahi-ui-devel-0.6.32-1.1.mga6
libavahicore-gir0.6-0.6.32-1.1.mga6
libavahi-gir0.6-0.6.32-1.1.mga6

from avahi-0.6.32-1.1.mga6.src.rpm

Assignee: shlomif => qa-bugs
David Walser
2019-02-02 23:16:33 CET
Version: Cauldron => 6

MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Tried a few commands

    $ avahi-discover-standalone
    *** WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
    *** WARNING: Detected another IPv6 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
    Joining mDNS multicast group on interface wlp2s2.IPv6 with address fe80::213:ceff:fecf:6f09.
    New relevant interface wlp2s2.IPv6 for mDNS.
    Joining mDNS multicast group on interface wlp2s2.IPv4 with address 192.168.2.125.
    New relevant interface wlp2s2.IPv4 for mDNS.
    Joining mDNS multicast group on interface enp2s8.IPv6 with address fe80::20a:e4ff:fec3:7339.
    New relevant interface enp2s8.IPv6 for mDNS.
    Joining mDNS multicast group on interface enp2s8.IPv4 with address 192.168.2.6.
    New relevant interface enp2s8.IPv4 for mDNS.
    Network interface enumeration completed.

and some more....

    $ avahi-discover
    Gtk-Message: Failed to load module "canberra-gtk-module"
    Browsing domain 'local' on -1.-1 ...
    Browsing domain 'fritz.box' on -1.-1 ...
    Browsing domain '<mylocaldomain>' on -1.-1 ...

    $ avahi-browse-domains
    + n/a n/a fritz.box
    + n/a n/a <mylocaldomain>

    $ avahi-resolve-host-name <desktopFQDN>
    <desktopFQDN> 192.168.2.1

All looks OK.

Whiteboard: (none) => MGA6-32-OK
Dave Hodgins
2019-02-14 08:02:20 CET
Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0081.html

Status: NEW => RESOLVED
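
The advisory text above describes avahi answering unicast mDNS queries from outside the local network, with a reply larger than the query. As an added example (not part of this bug report and not avahi's code), the following check flags that pattern in flow records and reports the amplification ratio. The record fields, addresses, byte counts and on-link prefixes are constructed assumptions.

```python
import ipaddress

MDNS_PORT = 5353
# mDNS multicast groups; queries sent here are the normal, link-scoped case.
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}

# Constructed flow records (not from the bug report): one query/response pair
# per row, sizes in bytes. resp_bytes == 0 means the host did not answer.
SAMPLE_FLOWS = [
    {"src": "192.168.2.50", "dst": "192.168.2.6", "dport": 5353, "query_bytes": 46, "resp_bytes": 180},
    {"src": "203.0.113.7", "dst": "192.168.2.6", "dport": 5353, "query_bytes": 46, "resp_bytes": 230},
    {"src": "203.0.113.9", "dst": "192.168.2.6", "dport": 5353, "query_bytes": 46, "resp_bytes": 0},
    {"src": "192.168.2.50", "dst": "224.0.0.251", "dport": 5353, "query_bytes": 46, "resp_bytes": 180},
    {"src": "2001:db8:ffff::9", "dst": "2001:db8:1::6", "dport": 5353, "query_bytes": 60, "resp_bytes": 150},
    {"src": "203.0.113.7", "dst": "192.168.2.6", "dport": 53, "query_bytes": 40, "resp_bytes": 120},
]
# Assumed on-link prefixes for the monitored host (the /24 and /64 are assumptions).
LOCAL_NETS = ["192.168.2.0/24", "2001:db8:1::/64", "fe80::/10"]


def is_on_link(src, nets):
    """True if src falls inside one of the host's directly attached prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net for net in nets)


def find_offlink_mdns_replies(flows, local_nets):
    """Return answered unicast mDNS queries whose source is not on-link."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    findings = []
    for f in flows:
        if f["dport"] != MDNS_PORT:
            continue  # not mDNS
        if ipaddress.ip_address(f["dst"]) in MDNS_GROUPS:
            continue  # multicast query, not the unicast case in the advisory
        if is_on_link(f["src"], nets) or f["resp_bytes"] == 0:
            continue  # local peer, or the query went unanswered
        findings.append({
            "src": f["src"], "dst": f["dst"],
            "amplification": round(f["resp_bytes"] / f["query_bytes"], 2),
        })
    return findings


if __name__ == "__main__":
    for hit in find_offlink_mdns_replies(SAMPLE_FLOWS, LOCAL_NETS):
        print(hit)
```

A host with the updated packages, or one with UDP 5353 filtered at the network edge, should produce no findings for off-link sources.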