OpenSUSE has issued an advisory on May 10:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCPLDL2TVAMUG4CYPGSPUHQ3KJXENCPN/

Other references:
https://bugzilla.redhat.com/show_bug.cgi?id=1939614
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938

Proposed patch upstream:
https://github.com/lathiat/avahi/pull/330

CVE: (none) => CVE-2021-3468
Whiteboard: (none) => MGA8TOO, MGA7TOO
Status comment: (none) => Patch available from upstream
Source RPM: (none) => avahi-0.8-6.mga8.src.rpm
This SRPM has no obvious maintainer, so assigning this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Avoid infinite loop by handling HUP event in client_work. (CVE-2021-3468)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCPLDL2TVAMUG4CYPGSPUHQ3KJXENCPN/
https://bugzilla.redhat.com/show_bug.cgi?id=1939614
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
========================

Updated packages in 7/core/updates_testing:
========================
avahi-0.7-4.1.mga7
avahi-dnsconfd-0.7-4.1.mga7
avahi-x11-0.7-4.1.mga7
avahi-python-0.7-4.1.mga7
avahi-sharp-0.7-4.1.mga7
avahi-sharp-doc-0.7-4.1.mga7
lib(64)avahi-client3-0.7-4.1.mga7
lib(64)avahi-client-devel-0.7-4.1.mga7
lib(64)avahi-common3-0.7-4.1.mga7
lib(64)avahi-common-devel-0.7-4.1.mga7
lib(64)avahi-core7-0.7-4.1.mga7
lib(64)avahi-core-devel-0.7-4.1.mga7
lib(64)avahi-compat-libdns_sd1-0.7-4.1.mga7
lib(64)avahi-compat-libdns_sd-devel-0.7-4.1.mga7
lib(64)avahi-glib1-0.7-4.1.mga7
lib(64)avahi-glib-devel-0.7-4.1.mga7
lib(64)avahi-gobject0-0.7-4.1.mga7
lib(64)avahi-gobject-devel-0.7-4.1.mga7
lib(64)avahi-compat-howl0-0.7-4.1.mga7
lib(64)avahi-compat-howl-devel-0.7-4.1.mga7
lib(64)avahi-qt4_1-0.7-4.1.mga7
lib(64)avahi-qt4-devel-0.7-4.1.mga7
lib(64)avahi-ui-gtk3_0-0.7-4.1.mga7
lib(64)avahi-ui-gtk3-devel-0.7-4.1.mga7
lib(64)avahi-ui0-0.7-4.1.mga7
lib(64)avahi-ui-devel-0.7-4.1.mga7
lib(64)avahicore-gir0.6-0.7-4.1.mga7
lib(64)avahi-gir0.6-0.7-4.1.mga7

from SRPM:
avahi-0.7-4.1.mga7.src.rpm

Updated packages in 8/core/updates_testing:
========================
avahi-0.8-6.1.mga8
avahi-dnsconfd-0.8-6.1.mga8
avahi-x11-0.8-6.1.mga8
avahi-sharp-0.8-6.1.mga8
avahi-sharp-doc-0.8-6.1.mga8
lib(64)avahi-client3-0.8-6.1.mga8
lib(64)avahi-client-devel-0.8-6.1.mga8
lib(64)avahi-common3-0.8-6.1.mga8
lib(64)avahi-common-devel-0.8-6.1.mga8
lib(64)avahi-core7-0.8-6.1.mga8
lib(64)avahi-core-devel-0.8-6.1.mga8
lib(64)avahi-compat-libdns_sd1-0.8-6.1.mga8
lib(64)avahi-compat-libdns_sd-devel-0.8-6.1.mga8
lib(64)avahi-glib1-0.8-6.1.mga8
lib(64)avahi-glib-devel-0.8-6.1.mga8
lib(64)avahi-gobject0-0.8-6.1.mga8
lib(64)avahi-gobject-devel-0.8-6.1.mga8
lib(64)avahi-compat-howl0-0.8-6.1.mga8
lib(64)avahi-compat-howl-devel-0.8-6.1.mga8
lib(64)avahi-qt5_1-0.8-6.1.mga8
lib(64)avahi-qt5-devel-0.8-6.1.mga8
lib(64)avahi-ui-gtk3_0-0.8-6.1.mga8
lib(64)avahi-ui-gtk3-devel-0.8-6.1.mga8
lib(64)avahi-libevent1-0.8-6.1.mga8
lib(64)avahi-libevent-devel-0.8-6.1.mga8
lib(64)avahicore-gir0.6-0.8-6.1.mga8
lib(64)avahi-gir0.6-0.8-6.1.mga8

from SRPM:
avahi-0.8-6.1.mga8.src.rpm
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Status comment: Patch available from upstream => (none)
Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
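The advisory's one-line description ("Avoid infinite loop by handling HUP event in client_work") names a general event-loop failure mode, modelled here as an added example that is not Avahi's code and not part of the original thread. It assumes a simplified mechanism: a client fills a fixed input buffer without completing a line and hangs up, so poll() keeps reporting POLLHUP; the function name, buffer size and iteration cap are constructed for the demo.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define INBUF    64    /* constructed size standing in for a fixed line buffer */
#define SPIN_CAP 1000  /* stop the demo instead of spinning forever */

/* Serves one client on a local socketpair. Returns the number of poll()
 * wakeups before the client is released, or SPIN_CAP if it never is. */
int serve_one_client(int handle_hup) {
    int sv[2], wakeups = 0;
    char inbuf[INBUF], junk[INBUF + 1];
    size_t used = 0;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    memset(junk, 'a', sizeof junk);
    /* Peer sends one byte more than the buffer holds, no newline, then hangs up. */
    if (write(sv[1], junk, sizeof junk) != (ssize_t)sizeof junk) return -1;
    close(sv[1]);

    while (wakeups < SPIN_CAP) {
        /* Only ask for input while there is room; POLLHUP is reported regardless. */
        struct pollfd p = { .fd = sv[0], .events = used < INBUF ? POLLIN : 0 };
        if (poll(&p, 1, 100) <= 0) break;
        wakeups++;
        if (handle_hup && (p.revents & POLLHUP)) break;   /* fixed: drop the client */
        if ((p.revents & POLLIN) && used < INBUF) {
            ssize_t n = read(sv[0], inbuf + used, INBUF - used);
            if (n <= 0) break;
            used += (size_t)n;
        }
        /* Buffer full, no complete line, hang-up ignored: poll() returns at once again. */
    }
    close(sv[0]);
    return wakeups;
}

int main(void) {
    printf("HUP ignored: %d wakeups (cap %d)\n", serve_one_client(0), SPIN_CAP);
    printf("HUP handled: %d wakeup(s)\n", serve_one_client(1));
    return 0;
}
```

Without the cap, the first variant is the busy loop that shows up as 100% CPU in top; the second releases the client on the first hang-up notification.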
mga7, x64

Made sure that all the listed packages were installed.

$ systemctl status avahi*
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; enabled; vendo>
   Active: active (running) since Tue 2021-05-11 10:51:51 BST; 2 days ago

CVE-2021-3468
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938

$ perl -e '$|=1; print "a"x(20*1024+1); sleep 1;' | socat - /run/avahi-daemon/socket
$ top
--> check that avahi-daemon uses 100% CPU, does not react to any valid requests anymore (at least not using that socket) and does not react to SIGTERM.

Confirming this.
 1016 avahi 20 0 6036 3552 3196 R 100.0 0.0 1:11.54 avahi-daemon
$ sudo kill -9 1016
That worked. So, the problem can be reproduced.

Updated the packages and restarted the avahi daemon. Ran the perl command again to test the PoC. top did not register any abnormal activity with respect to avahi. So, the issue is fixed.

$ avahi-browse --all -t
$
No relevant services.

Commands available are:
$ ls /usr/bin | grep avahi
avahi-bookmarks*
avahi-browse*
avahi-browse-domains@
avahi-discover*
avahi-discover-standalone*
avahi-publish*
avahi-publish-address@
avahi-publish-service@
avahi-resolve*
avahi-resolve-address@
avahi-resolve-host-name@
avahi-set-host-name*

Relevant services can be listed:
$ avahi-browse -b
PulseAudio Sound Server
PostgreSQL Server
Apple TimeMachine
WebDAV File Share
[...]
Thousand Parsec Server
FTP File Transfer
SubEthaEdit Collaborative Text Editor

72 in all.

Tried playing some music to give pulseaudio a sound sink but nothing is registered. Not sure what to do at this point.
CC: (none) => tarazed25
mga8, x64

Installed the listed packages - noted a complaint - something about a scriptlet failed for avahi-sharp. Lost the details.

Started the avahi-daemon.

$ perl -e '$|=1; print "a"x(20*1024+1); sleep 1;' | socat - /run/avahi-daemon/socket
$ top
 386616 avahi 20 0 7112 3852 3312 R 100.0 0.0 0:48.09 avahi-daemon

Mageia8 is vulnerable to the bug.

Updated packages from testing and noted that there was a problem with avahi-sharp-doc, something like invalid file format. Restarted the avahi daemon and repeated the PoC. No CPU hogging so the issue is solved.

Not taking this any further just now. Very limited understanding of zeroconf services. Can only imagine that they are services available on the network that are actively touting for business. Not likely to find such on a simple home network.
Note if you have an AirPrint compatible Network Printer, it should appear in "Print" menu by itself because it uses zeroconf service and cups to be set up. On MGA7 and MGA8 x86_64, applying updates. Able to print to my shared Networked printer, avahi (zeroconf) OK.
CC: (none) => ouaurelien
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK

Further to comment 4, tried this:

$ avahi-discover-standalone
*** WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
*** WARNING: Detected another IPv6 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
Joining mDNS multicast group on interface eno1.IPv6 with address fe80::1a31:bfff:fe6a:66e3.
New relevant interface eno1.IPv6 for mDNS.
Joining mDNS multicast group on interface eno1.IPv4 with address 192.168.1.100.
New relevant interface eno1.IPv4 for mDNS.
Joining mDNS multicast group on interface lo.IPv6 with address ::1.
New relevant interface lo.IPv6 for mDNS.
Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
New relevant interface lo.IPv4 for mDNS.
Network interface enumeration completed.
sendmsg() to ff02::fb failed: Network is unreachable
.....

A gui was displayed, listing the network printer on "eno1 IPv4" and _ssh._tcp Remote Access on this machine and the fileserver. Clicking on an entry supplies further information, like Domain Name and LAN address.
@Aurelien in reply to comment 5. Thanks, but where do you see "Print" menu? Do you mean the CUPS interface in a browser?
(In reply to Len Lawrence from comment #7)
> @Aurelien in reply to comment 5.
> Thanks, but where do you see "Print" menu? Do you mean the CUPS interface
> in a browser?

Yes, for sure.

Ah. In that case it does not work for me. All that shows is the usual entry for the printer, which is "okda" for the Photosmart 5520, nothing about avahi. The avahi-discover-standalone command lists lots of entries, all about the printer then times out on "Network is unreachable". When it was first configured on this system 'network printer' was found and set up without any problem.
Yes, but you should open zeroconf stuff in shorewall firewall under Mageia Control Centre.
OK, done that. But, no luck. I think we shall have to be satisfied that it works for you. At least you know what you are doing.
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0212.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED