Msrc Azl3 Avahi 0.8-5 On Azure Linux 3.0 vulnerabilities

CVE-2025-59529 [MEDIUM] CWE-400 simple protocol server ignores accepts unlimited connections and logs failures without limit simple protocol server ignores accepts unlimited connections and logs failures without limit Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes

CVE-2024-52616 [MEDIUM] CWE-334 Avahi: avahi wide-area dns predictable transaction ids Avahi: avahi wide-area dns predictable transaction ids FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2023-38473 [MEDIUM] CWE-617 Reachable assertion in avahi_alternative_host_name Reachable assertion in avahi_alternative_host_name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2023-38469 [MEDIUM] CWE-617 Reachable assertion in avahi_dns_packet_append_record Reachable assertion in avahi_dns_packet_append_record FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-38472 [MEDIUM] CWE-617 Reachable assertion in avahi_rdata_parse Reachable assertion in avahi_rdata_parse FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2023-38470 [MEDIUM] CWE-617 Reachable assertion in avahi_escape_label Reachable assertion in avahi_escape_label FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2023-38471 [MEDIUM] CWE-617 Reachable assertion in dbus_set_host_name Reachable assertion in dbus_set_host_name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2023-1981 [MEDIUM] CWE-400 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call causing the avahi daemon to crash. A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call causing the avahi daemon to crash. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our custome

CVE-2021-3468 [MEDIUM] CWE-835 A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function all A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function allowing a local attacker to trigger an infinite loop. The highest thre

CVE-2021-3502 [MEDIUM] CWE-617 A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions t A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The h

CVE-2021-26720 [HIGH] CWE-59 avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create arbitra avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon.