An update for avahi is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1273 Final 1.0 1.0 2021-07-24 Initial 2021-07-24 2021-07-24 openEuler SA Tool V1.0 2021-07-24 avahi security update An update for avahi is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. Security Fix(es): Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command.(CVE-2021-36217) An update for avahi is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium avahi https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1273 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-36217 https://nvd.nist.gov/vuln/detail/CVE-2021-36217 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 avahi-compat-libdns_sd-devel-0.8-5.oe1.aarch64.rpm avahi-dnsconfd-0.8-5.oe1.aarch64.rpm avahi-debugsource-0.8-5.oe1.aarch64.rpm avahi-ui-0.8-5.oe1.aarch64.rpm avahi-0.8-5.oe1.aarch64.rpm avahi-compat-libdns_sd-0.8-5.oe1.aarch64.rpm avahi-tools-0.8-5.oe1.aarch64.rpm avahi-libs-0.8-5.oe1.aarch64.rpm avahi-devel-0.8-5.oe1.aarch64.rpm avahi-ui-devel-0.8-5.oe1.aarch64.rpm avahi-compat-howl-0.8-5.oe1.aarch64.rpm avahi-ui-gtk3-0.8-5.oe1.aarch64.rpm avahi-gobject-0.8-5.oe1.aarch64.rpm avahi-glib-0.8-5.oe1.aarch64.rpm avahi-compat-howl-devel-0.8-5.oe1.aarch64.rpm avahi-debuginfo-0.8-5.oe1.aarch64.rpm avahi-compat-libdns_sd-devel-0.8-5.oe1.aarch64.rpm avahi-dnsconfd-0.8-5.oe1.aarch64.rpm avahi-debugsource-0.8-5.oe1.aarch64.rpm avahi-ui-0.8-5.oe1.aarch64.rpm avahi-0.8-5.oe1.aarch64.rpm avahi-compat-libdns_sd-0.8-5.oe1.aarch64.rpm avahi-tools-0.8-5.oe1.aarch64.rpm avahi-libs-0.8-5.oe1.aarch64.rpm avahi-devel-0.8-5.oe1.aarch64.rpm avahi-ui-devel-0.8-5.oe1.aarch64.rpm avahi-compat-howl-0.8-5.oe1.aarch64.rpm avahi-ui-gtk3-0.8-5.oe1.aarch64.rpm avahi-gobject-0.8-5.oe1.aarch64.rpm avahi-glib-0.8-5.oe1.aarch64.rpm avahi-compat-howl-devel-0.8-5.oe1.aarch64.rpm avahi-debuginfo-0.8-5.oe1.aarch64.rpm avahi-help-0.8-5.oe1.noarch.rpm avahi-help-0.8-5.oe1.noarch.rpm avahi-0.8-5.oe1.src.rpm avahi-0.8-5.oe1.src.rpm avahi-0.8-5.oe1.x86_64.rpm avahi-libs-0.8-5.oe1.x86_64.rpm avahi-ui-0.8-5.oe1.x86_64.rpm avahi-debugsource-0.8-5.oe1.x86_64.rpm avahi-gobject-0.8-5.oe1.x86_64.rpm avahi-compat-libdns_sd-devel-0.8-5.oe1.x86_64.rpm avahi-debuginfo-0.8-5.oe1.x86_64.rpm avahi-ui-devel-0.8-5.oe1.x86_64.rpm avahi-dnsconfd-0.8-5.oe1.x86_64.rpm avahi-devel-0.8-5.oe1.x86_64.rpm avahi-compat-howl-0.8-5.oe1.x86_64.rpm avahi-tools-0.8-5.oe1.x86_64.rpm avahi-glib-0.8-5.oe1.x86_64.rpm avahi-compat-libdns_sd-0.8-5.oe1.x86_64.rpm avahi-compat-howl-devel-0.8-5.oe1.x86_64.rpm avahi-ui-gtk3-0.8-5.oe1.x86_64.rpm avahi-0.8-5.oe1.x86_64.rpm avahi-libs-0.8-5.oe1.x86_64.rpm avahi-ui-0.8-5.oe1.x86_64.rpm avahi-debugsource-0.8-5.oe1.x86_64.rpm avahi-gobject-0.8-5.oe1.x86_64.rpm avahi-compat-libdns_sd-devel-0.8-5.oe1.x86_64.rpm avahi-debuginfo-0.8-5.oe1.x86_64.rpm avahi-ui-devel-0.8-5.oe1.x86_64.rpm avahi-dnsconfd-0.8-5.oe1.x86_64.rpm avahi-devel-0.8-5.oe1.x86_64.rpm avahi-compat-howl-0.8-5.oe1.x86_64.rpm avahi-tools-0.8-5.oe1.x86_64.rpm avahi-glib-0.8-5.oe1.x86_64.rpm avahi-compat-libdns_sd-0.8-5.oe1.x86_64.rpm avahi-compat-howl-devel-0.8-5.oe1.x86_64.rpm avahi-ui-gtk3-0.8-5.oe1.x86_64.rpm Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command. 2021-07-24 CVE-2021-36217 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H avahi security update 2021-07-24 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1273