Bug 35044 - avahi new security issue CVE-2025-59529, CVE-2026-24401 and CVE-2026-34933
Summary: avahi new security issue CVE-2025-59529, CVE-2026-24401 and CVE-2026-34933
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords:
Depends on: 34887
Blocks:
  Show dependency treegraph
 
Reported: 2026-01-21 09:26 CET by Nicolas Salguero
Modified: 2026-05-08 10:36 CEST (History)
2 users (show)

See Also:
Source RPM: avahi-0.8-17.mga10.src.rpm, avahi-0.8-10.3.mga9.src.rpm
CVE: CVE-2025-59529, CVE-2026-24401, CVE-2026-34933
Status comment: Candidate fix available and fixes available from upstream for CVE-2026-34933
nicolas.salguero: affects_mga9+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-01-21 09:26:50 CET 
+++ This bug was initially created as a clone of Bug #34887 +++

Reference: https://www.openwall.com/lists/oss-security/2025/12/19/1

Candidate fix: https://github.com/avahi/avahi/pull/808
Nicolas Salguero 2026-01-21 09:27:29 CET

CVE: CVE-2025-59529, CVE-2025-68276, CVE-2025-68468, CVE-2025-68471 => CVE-2025-59529
Assignee: bugsquad => pkg-bugs
Flags: (none) => affects_mga9+
Whiteboard: (none) => MGA9TOO
Source RPM: avahi-0.8-17.mga10.src.rpm, avahi-0.8-10.2.mga9.src.rpm => avahi-0.8-17.mga10.src.rpm, avahi-0.8-10.3.mga9.src.rpm

Nicolas Salguero 2026-01-21 09:27:47 CET

Status comment: (none) => Candidate fix available

Comment 1 Nicolas Salguero 2026-04-13 09:23:18 CEST 
References for CVE-2026-34933:
https://www.openwall.com/lists/oss-security/2026/04/11/9
https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc

CVE: CVE-2025-59529 => CVE-2025-59529, CVE-2026-34933
Summary: avahi new security issue CVE-2025-59529 => avahi new security issue CVE-2025-59529 and CVE-2026-34933

Nicolas Salguero 2026-04-13 09:23:55 CEST

Status comment: Candidate fix available => Candidate fix available and fixes available from upstream for CVE-2026-34933

Comment 3 Nicolas Salguero 2026-05-08 10:22:24 CEST 
openSUSE added another patch for CVE-2026-24401.

Summary: avahi new security issue CVE-2025-59529 and CVE-2026-34933 => avahi new security issue CVE-2025-59529, CVE-2026-24401 and CVE-2026-34933
CVE: CVE-2025-59529, CVE-2026-34933 => CVE-2025-59529, CVE-2026-24401, CVE-2026-34933

Comment 4 Nicolas Salguero 2026-05-08 10:36:09 CEST 
For Cauldron, I asked for a freeze move to fix CVE-2026-24401 and CVE-2026-34933.
Note You need to log in before you can comment on or make changes to this bug.