Hi,

Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2023/10/06/4

Best regards,

Nico.
Whiteboard: (none) => MGA9TOO, MGA8TOO
Source RPM: (none) => avahi-0.8-10.mga9.src.rpm
CC: (none) => nicolas.salguero
The CVE URL leads to no fix that I can see; what do we do with this bug? "several CVE's ... assigned for client requests that can cause the Avahi server to abort with an assertion failure. Only one of them has a fix available so far"
CC: (none) => lewyssmith
RedHat has issued an advisory on December 14:
https://lwn.net/Articles/955296/

According to Debian:
CVE-2023-38469 is fixed by https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf
CVE-2023-38470 is fixed by https://github.com/avahi/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
CVE-2023-38471 is fixed by https://github.com/avahi/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
CVE-2023-38472 is fixed by https://github.com/avahi/avahi/pull/490
CVE-2023-38473 is fixed by https://github.com/avahi/avahi/pull/486
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. (CVE-2023-38469)

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. (CVE-2023-38470)

A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. (CVE-2023-38471)

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. (CVE-2023-38472)

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. (CVE-2023-38473)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38473
========================

Updated packages in core/updates_testing:
========================
avahi-0.8-10.1.mga9
avahi-dnsconfd-0.8-10.1.mga9
avahi-sharp-0.8-10.1.mga9
avahi-sharp-doc-0.8-10.1.mga9
avahi-x11-0.8-10.1.mga9
lib(64)avahi-client3-0.8-10.1.mga9
lib(64)avahi-client-devel-0.8-10.1.mga9
lib(64)avahi-common3-0.8-10.1.mga9
lib(64)avahi-common-devel-0.8-10.1.mga9
lib(64)avahi-compat-howl0-0.8-10.1.mga9
lib(64)avahi-compat-howl-devel-0.8-10.1.mga9
lib(64)avahi-compat-libdns_sd1-0.8-10.1.mga9
lib(64)avahi-compat-libdns_sd-devel-0.8-10.1.mga9
lib(64)avahi-core7-0.8-10.1.mga9
lib(64)avahi-core-devel-0.8-10.1.mga9
lib(64)avahi-gir0.6-0.8-10.1.mga9
lib(64)avahi-glib1-0.8-10.1.mga9
lib(64)avahi-glib-devel-0.8-10.1.mga9
lib(64)avahi-gobject0-0.8-10.1.mga9
lib(64)avahi-gobject-devel-0.8-10.1.mga9
lib(64)avahi-libevent1-0.8-10.1.mga9
lib(64)avahi-libevent-devel-0.8-10.1.mga9
lib(64)avahi-qt5_1-0.8-10.1.mga9
lib(64)avahi-qt5-devel-0.8-10.1.mga9
lib(64)avahi-ui-gtk3_0-0.8-10.1.mga9
lib(64)avahi-ui-gtk3-devel-0.8-10.1.mga9
lib(64)avahicore-gir0.6-0.8-10.1.mga9

from SRPM:
avahi-0.8-10.1.mga9.src.rpm
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA9TOO, MGA8TOO => (none)
Version: Cauldron => 9
CVE: (none) => CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473
CC: (none) => marja11
Advisory from comment 3 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".
Keywords: (none) => advisory
Mageia9, x86_64

Starting work on this bug but it may take some time.
Installed all the release versions of the packages for pre-testing. That went well apart from one error which may or may not be important:
ERROR: 'script' failed for avahi-sharp-doc-0.8-10.mga9.x86_64
$ rpm -q avahi-sharp-doc
avahi-sharp-doc-0.8-10.mga9

Followed the trail for CVE-2023-38470 and found discussion at RedHat about "A reachable assertion was found in avahi_escape_label". The proposed test is:
avahi-resolve -n ',.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}.??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}'
which returns
Failed to create host name resolver: An unexpected D-Bus error occurred

The results listed on-line concern the debug output traced to the source code, so are not reproducible here (little knowledge and no debuginfo sources defined) but the test might show something different after the updates.

Later.

FWIW the following command works as in past tests:
$ avahi-browse --all -t
+ enp0s20f0u1 IPv4 yildun _ssh._tcp local
+ enp0s20f0u1 IPv4 Remote Access on yildun _ssh._tcp local
+ lo IPv4 yildun _ssh._tcp local
+ lo IPv4 Remote Access on yildun _ssh._tcp local
+ enp0s20f0u1 IPv4 Remote Access on yildun _sftp-ssh._tcp local
+ enp0s20f0u1 IPv4 Remote Access on gomeisa _sftp-ssh._tcp local
+ enp0s20f0u1 IPv4 Remote Access on canopus _sftp-ssh._tcp local
+ lo IPv4 Remote Access on yildun _sftp-ssh._tcp local
+ enp0s20f0u1 IPv4 HP Officejet 100 @ yildun _ipp._tcp local
+ enp0s20f0u1 IPv4 HP Officejet 100 Mobile L411 @ yildun _ipp._tcp local
+ enp0s20f0u1 IPv4 HP Photosmart 5520 @ yildun _ipp._tcp local
+ lo IPv4 HP Officejet 100 @ yildun _ipp._tcp local
+ lo IPv4 HP Officejet 100 Mobile L411 @ yildun _ipp._tcp local
+ lo IPv4 HP Photosmart 5520 @ yildun _ipp._tcp local
+ enp0s20f0u1 IPv4 HP Officejet 100 @ yildun _ipps._tcp local
+ enp0s20f0u1 IPv4 HP Officejet 100 Mobile L411 @ yildun _ipps._tcp local
+ enp0s20f0u1 IPv4 HP Photosmart 5520 @ yildun _ipps._tcp local
+ lo IPv4 HP Officejet 100 @ yildun _ipps._tcp local
+ lo IPv4 HP Officejet 100 Mobile L411 @ yildun _ipps._tcp local
+ lo IPv4 HP Photosmart 5520 @ yildun _ipps._tcp local
+ enp0s20f0u1 IPv4 HP Officejet 100 @ yildun _printer._tcp local
+ enp0s20f0u1 IPv4 HP Officejet 100 Mobile L411 @ yildun _printer._tcp local
+ enp0s20f0u1 IPv4 HP Photosmart 5520 @ yildun _printer._tcp local
+ lo IPv4 HP Officejet 100 @ yildun _printer._tcp local
+ lo IPv4 HP Officejet 100 Mobile L411 @ yildun _printer._tcp local
+ lo IPv4 HP Photosmart 5520 @ yildun _printer._tcp local
+ enp0s20f0u1 IPv4 canopus _ssh._tcp local
+ enp0s20f0u1 IPv4 HP Photosmart 5520 @ canopus _printer._tcp local
+ enp0s20f0u1 IPv4 HP Photosmart 5520 @ canopus _ipps._tcp local
+ enp0s20f0u1 IPv4 HP Photosmart 5520 @ canopus _ipp._tcp local
+ enp0s20f0u1 IPv4 Remote Access on canopus _ssh._tcp local
+ enp0s20f0u1 IPv4 gomeisa _ssh._tcp local
+ enp0s20f0u1 IPv4 Remote Access on gomeisa _ssh._tcp local
+ enp0s20f0u1 IPv4 Photosmart 5520 series [DF8761] _ipp._tcp local
+ enp0s20f0u1 IPv4 spica _http._tcp local
+ enp0s20f0u1 IPv4 Photosmart 5520 series [DF8761] _pdl-datastream._tcp local
+ enp0s20f0u1 IPv4 Photosmart 5520 series [DF8761] _http._tcp local
+ enp0s20f0u1 IPv4 Photosmart 5520 series [DF8761] _scanner._tcp local
+ enp0s20f0u1 IPv4 Photosmart 5520 series [DF8761] _http-alt._tcp local
+ enp0s20f0u1 IPv4 Photosmart 5520 series [DF8761] _uscan._tcp local
lcl@yildun:avahi $
CC: (none) => tarazed25
PoC tests:

CVE-2023-38469
https://github.com/avahi/avahi/issues/455
Before:
$ avahi-publish -s T _qotd._tcp 22 $(perl -le 'print "A " x 100000')
Client failure, exiting: Daemon connection failed
Afterwards:
$ avahi-publish -s T _qotd._tcp 22 $(perl -le 'print "A " x 100000')
Failed to add service: Invalid record

CVE-2023-38471
https://github.com/avahi/avahi/issues/453
Before:
$ busctl call org.freedesktop.Avahi / org.freedesktop.Avahi.Server2 SetHostName "s" 'A\.B'
Call failed: Message recipient disconnected from message bus without replying
Afterwards:
$ busctl call org.freedesktop.Avahi / org.freedesktop.Avahi.Server2 SetHostName "s" 'A\.B'
$
$ ps aux | grep avahi
avahi 902698 0.0 0.0 16568 12944 ? Ss 19:50 0:00 avahi-daemon: running [A\.B.local]
avahi 902700 0.0 0.0 6948 1692 ? S 19:50 0:00 avahi-daemon: chroot helper
So that worked OK.

-------------------------------------------------------------------------------

Updated all the packages cleanly with the exception of the doc package, as before.
at Monodoc.Driver.Main (System.String[] args) [0x001c3] in <b495005cf7014d0585d3145fe8ba8678>:0
warning: %post(avahi-sharp-doc-0.8-10.1.mga9.x86_64) scriptlet failed, exit status 1
Error: ERROR: 'script' failed for avahi-sharp-doc-0.8-10.1.mga9.x86_64
(Not a regression.)

Ran this command to expose a GUI with various local network connections listed against a network device:
$ avahi-discover-standalone
Clicking on an entry provides more detailed information about the device or connection.

$ avahi-browse --all -t
This provides similar but abbreviated information to the discover command but on the command line.

No regressions between the release and update versions. Cannot say much about the "reachable assertion" issues but at least CVE-2023-38471 returns a positive result when tested.
Giving this an OK on the basis of no regressions.
Whiteboard: (none) => MGA9-64-OK
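One way to script the before/after comparison from the PoC tests above, as an added example that is not part of the bug report or of Avahi: it wraps any test command and reports whether avahi-daemon kept the same main PID. The helper names are hypothetical, the systemd unit name `avahi-daemon` is an assumption, and the two "aborted" strings are the pre-update client messages quoted in the comment.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes a systemd unit named
# "avahi-daemon"; all function names here are hypothetical.

# Main PID of the daemon, or 0 when it is not running.
daemon_pid() {
    systemctl show -p MainPID --value avahi-daemon 2>/dev/null || echo 0
}

# Classify one run from the PIDs seen before/after and the client's output.
classify_run() {
    before=$1 after=$2 output=$3
    if [ -z "$before" ] || [ "$before" = 0 ]; then
        echo "NOT-RUNNING"; return
    fi
    if [ "$after" != "$before" ]; then
        echo "DAEMON-ABORTED"; return    # gone (0) or restarted under a new PID
    fi
    case $output in
        *"Daemon connection failed"*|*"disconnected from message bus"*)
            echo "DAEMON-ABORTED" ;;     # client lost the daemon mid-request
        *"Failed to"*|*"Call failed"*)
            echo "REJECTED" ;;           # daemon stayed up and returned an error
        *)
            echo "ACCEPTED" ;;           # request went through, daemon still up
    esac
}

# Run "$@" and print "<verdict>: <first line of client output>".
check_survives() {
    before=$(daemon_pid)
    output=$("$@" 2>&1)
    sleep "${SETTLE:-1}"                 # give systemd time to notice an abort
    after=$(daemon_pid)
    printf '%s: %s\n' "$(classify_run "$before" "$after" "$output")" \
        "$(printf '%s\n' "$output" | head -n 1)"
}

# Usage on a test machine: check_survives <one of the test commands above>
```

A verdict of REJECTED or ACCEPTED with an unchanged PID corresponds to the "Afterwards" results in the comment; DAEMON-ABORTED corresponds to the "Before" results.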
mga9-64, Plasma X11, kernel linus 6.5.13-2

Using drakrpm, updated cleanly the packages this system "svarten" had installed:
- avahi-0.8-10.1.mga9.x86_64
- lib64avahi-client3-0.8-10.1.mga9.x86_64
- lib64avahi-common3-0.8-10.1.mga9.x86_64
- lib64avahi-core7-0.8-10.1.mga9.x86_64
- lib64avahi-glib1-0.8-10.1.mga9.x86_64
- lib64avahi-gobject0-0.8-10.1.mga9.x86_64

Following Len for function test: I installed for avahi-discover-standalone:
- avahi-x11-0.8-10.1.mga9.x86_64
- lib64avahi-ui-gtk3_0-0.8-10.1.mga9.x86_64

avahi-discover-standalone, and avahi-browse --all -t working fine.
CC: (none) => fri
Thanks Morgan. Could you do me a favour and try installing the update version of avahi-sharp-doc? If you have time. It does not look like an important issue but it would be good to eradicate it and it may well be something simple. If it only occurs here then my system would be suspect, otherwise what? Feedback or post a bug?
I find:
$ rpm -q avahi-sharp-doc
avahi-sharp-doc-0.8-10.1.mga9
$ locate avahi-sharp-doc/data/localrepo/x86_64/avahi-sharp-doc-0.8-10.1.mga9.x86_64.rpm
/usr/lib/monodoc/sources/avahi-sharp-docs.source
/usr/lib/monodoc/sources/avahi-sharp-docs.tree
/usr/lib/monodoc/sources/avahi-sharp-docs.zip
$ cd /usr/lib/monodoc/sources/
lcl@yildun:sources $ ll avahi*
-rw-r--r-- 1 root root 129 Apr 1 2015 avahi-sharp-docs.source
-rw-r--r-- 1 root root 9821 Jan 8 09:40 avahi-sharp-docs.tree
-rw-r--r-- 1 root root 24491 Jan 8 09:40 avahi-sharp-docs.zip
Sorry: $ locate avahi-sharp-doc /data/localrepo/x86_64/avahi-sharp-.......
[morgan@svarten ~]$ LC_ALL=C sudo urpmi avahi-sharp-doc
To satisfy dependencies, the following packages are going to be installed:
  Package          Version  Release    Arch
(medium "Core Release")
  mono-cecil       0.10.4   4.mga9     x86_64
  mono-tools       4.2      11.mga9    noarch
  monodoc          6.12.0   4.mga9     x86_64
  sharpziplib      1.3.3    2.mga9     x86_64
(medium "Core Updates Testing")
  avahi-sharp-doc  0.8      10.1.mga9  x86_64
26MB of additional disk space will be used.
20MB of packages will be retrieved.
Proceed with the installation of the 5 packages? (Y/n) y

https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/core/release/mono-tools-4.2-11.mga9.noarch.rpm
https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/core/release/mono-cecil-0.10.4-4.mga9.x86_64.rpm
https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/core/release/sharpziplib-1.3.3-2.mga9.x86_64.rpm
https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/core/release/monodoc-6.12.0-4.mga9.x86_64.rpm
https://chuangtzu.ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/core/release/monodoc-6.12.0-4.mga9.x86_64.rpm
https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/core/updates_testing/avahi-sharp-doc-0.8-10.1.mga9.x86_64.rpm
installing mono-tools-4.2-11.mga9.noarch.rpm monodoc-6.12.0-4.mga9.x86_64.rpm mono-cecil-0.10.4-4.mga9.x86_64.rpm avahi-sharp-doc-0.8-10.1.mga9.x86_64.rpm sharpziplib-1.3.3-2.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...          ################################################################
1/5: sharpziplib      ################################################################
2/5: mono-cecil       ################################################################
3/5: monodoc          ################################################################
4/5: mono-tools       ################################################################
5/5: avahi-sharp-doc  ################################################################
Error: did not find one of the files in sources//usr/lib/monodoc/sources/gd2i

Unhandled Exception:
System.Exception: Invalid file format
  at Monodoc.Tree..ctor (Monodoc.HelpSource hs, System.String filename) [0x0005e] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.HelpSource..ctor (System.String base_filename, System.Boolean create) [0x0006d] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.Providers.ManHelpSource..ctor (System.String base_file, System.Boolean create) [0x00000] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.GetHelpSource (System.String provider, System.String basefilepath) [0x00078] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.AddSourceFile (System.String sourceFile) [0x0016e] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.LoadTree (System.String indexDir, System.Xml.XmlDocument docTree, System.Collections.Generic.IEnumerable`1[T] sourceFiles) [0x000de] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.LoadTree (System.String basedir, System.Boolean includeExternal) [0x00078] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.LoadTree () [0x00005] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.MakeIndex () [0x00000] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.Driver+<Main>c__AnonStorey0.<>m__4 (System.String v) [0x00008] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet+<Add>c__AnonStorey0.<>m__0 (Mono.Options.OptionValueCollection v) [0x0000e] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet+ActionOption.OnParseComplete (Mono.Options.OptionContext c) [0x0000d] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.Option.Invoke (Mono.Options.OptionContext c) [0x00001] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet.Parse (System.String argument, Mono.Options.OptionContext c) [0x00099] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet.Parse (System.Collections.Generic.IEnumerable`1[T] arguments) [0x000bd] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Monodoc.Driver.Main (System.String[] args) [0x001c3] in <b495005cf7014d0585d3145fe8ba8678>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.Exception: Invalid file format
  at Monodoc.Tree..ctor (Monodoc.HelpSource hs, System.String filename) [0x0005e] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.HelpSource..ctor (System.String base_filename, System.Boolean create) [0x0006d] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.Providers.ManHelpSource..ctor (System.String base_file, System.Boolean create) [0x00000] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.GetHelpSource (System.String provider, System.String basefilepath) [0x00078] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.AddSourceFile (System.String sourceFile) [0x0016e] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.LoadTree (System.String indexDir, System.Xml.XmlDocument docTree, System.Collections.Generic.IEnumerable`1[T] sourceFiles) [0x000de] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.LoadTree (System.String basedir, System.Boolean includeExternal) [0x00078] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.LoadTree () [0x00005] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.RootTree.MakeIndex () [0x00000] in <2501fcbab5c44976a3279f20821e0117>:0
  at Monodoc.Driver+<Main>c__AnonStorey0.<>m__4 (System.String v) [0x00008] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet+<Add>c__AnonStorey0.<>m__0 (Mono.Options.OptionValueCollection v) [0x0000e] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet+ActionOption.OnParseComplete (Mono.Options.OptionContext c) [0x0000d] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.Option.Invoke (Mono.Options.OptionContext c) [0x00001] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet.Parse (System.String argument, Mono.Options.OptionContext c) [0x00099] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Mono.Options.OptionSet.Parse (System.Collections.Generic.IEnumerable`1[T] arguments) [0x000bd] in <b495005cf7014d0585d3145fe8ba8678>:0
  at Monodoc.Driver.Main (System.String[] args) [0x001c3] in <b495005cf7014d0585d3145fe8ba8678>:0
warning: %post(avahi-sharp-doc-0.8-10.1.mga9.x86_64) scriptlet failed, exit status 1
ERROR: 'script' failed for avahi-sharp-doc-0.8-10.1.mga9.x86_64

----------

I removed these packages again and installed the previous version: same problem, so not a regression.
Keywords: (none) => feedback
Thanks Morgan. Need to digest this.
Tried this again on another system and saw the 'scriptlet fail' message. All the packages were installed so the fault seems to be harmless. Not worth following up IMHO.
CC: (none) => andrewsfarm
CC: (none) => davidwhodgins
Thomas and Dave Hodgins, what must we do with this bug?
As the problem in comment 11 is not a regression, validating this security update. A new bug opened for the issue with avahi-sharp-doc.
Keywords: feedback => validated_update
CC: (none) => sysadmin-bugs
As the problem in comment 11 is not a regression, validating this security update. A new bug should be opened for the issue with avahi-sharp-doc.
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0016.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED