Bugzilla – Bug 1120281
VUL-0: CVE-2018-1000845: avahi: DNS amplification and reflection to spoofed addresses
Last modified: 2020-09-16 11:02:24 UTC
rh#1661252 Avahi version 0.7 contains a Incorrect Access Control vulnerability in avahi-daemon that can result in Traffic reflection and amplification for DDoS attacks.. This attack appear to be exploitable via unicast IP network packet with spoofed source address. References: https://bugzilla.redhat.com/show_bug.cgi?id=1661252 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000845 https://github.com/lathiat/avahi/issues/203
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2019-01-31. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64201
SUSE-SU-2019:0179-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120281 CVE References: CVE-2018-1000845 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP4 (src): avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Workstation Extension 12-SP3 (src): avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): avahi-0.6.32-32.3.1, avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): avahi-0.6.32-32.3.1, avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Server 12-SP4 (src): avahi-0.6.32-32.3.1, avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Server 12-SP3 (src): avahi-0.6.32-32.3.1, avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Desktop 12-SP4 (src): avahi-0.6.32-32.3.1, avahi-glib2-0.6.32-32.3.2 SUSE Linux Enterprise Desktop 12-SP3 (src): avahi-0.6.32-32.3.1, avahi-glib2-0.6.32-32.3.2
MRs submitted. Re-assigning to security team.
openSUSE-SU-2019:0128-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120281 CVE References: CVE-2018-1000845 Sources used: openSUSE Leap 42.3 (src): avahi-0.6.32-4.3.1, avahi-glib2-0.6.32-4.3.1, avahi-mono-0.6.32-4.3.1, avahi-qt4-0.6.32-4.3.1
SUSE-SU-2019:0285-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120281 CVE References: CVE-2018-1000845 Sources used: SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): avahi-0.6.32-5.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): avahi-0.6.32-5.3.1, avahi-glib2-0.6.32-5.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): avahi-0.6.32-5.3.1, avahi-glib2-0.6.32-5.3.1 SUSE Linux Enterprise Module for Basesystem 15 (src): avahi-0.6.32-5.3.1, avahi-glib2-0.6.32-5.3.1
SUSE-SU-2019:13947-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120281 CVE References: CVE-2018-1000845 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): avahi-0.6.23-35.6.2, avahi-glib2-0.6.23-35.6.1, avahi-mono-0.6.23-35.6.1 SUSE Linux Enterprise Server 11-SP4 (src): avahi-0.6.23-35.6.2, avahi-glib2-0.6.23-35.6.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): avahi-0.6.23-35.6.2, avahi-glib2-0.6.23-35.6.1
openSUSE-SU-2019:0197-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120281 CVE References: CVE-2018-1000845 Sources used: openSUSE Leap 15.0 (src): avahi-0.6.32-lp150.4.3.1, avahi-glib2-0.6.32-lp150.4.3.1, avahi-mono-0.6.32-lp150.4.3.1, avahi-qt4-0.6.32-lp150.4.3.1
All fixed. Closing bug.