[ubuntu/jammy-security] avahi 0.8-5ubuntu5.4 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Mon Jan 19 12:07:15 UTC 2026
avahi (0.8-5ubuntu5.4) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service when creating a record browser.
- debian/patches/CVE-2025-68276.patch: Add AVAHI_LOOKUP_USE_WIDE_AREA and
wide area use check in avahi-core/browse.c.
- CVE-2025-68276
* SECURITY UPDATE: Denial of service after CNAME expiration.
- debian/patches/CVE-2025-68468.patch: Remove assert in
avahi-core/browse.c.
- CVE-2025-68468
* SECURITY UPDATE: Denial of service on receiving CNAME resource records.
- debian/patches/CVE-2025-68471.patch: Change assert to return on
wide_area check in avahi-core/browse.c.
- CVE-2025-68471
avahi (0.8-5ubuntu5.3) jammy; urgency=medium
* Do not disable timeout cleanup on watch cleanup. This was causing timeouts
to never be removed from the linked list that tracks them, resulting in both
memory and CPU usage to grow larger over time. (LP: #1799265)
- d/p/lp1799265-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
Date: 2026-01-16 20:41:11.727167+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list