vulnerability
SUSE: CVE-2021-26720: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Feb 17, 2021 | Feb 24, 2021 | Oct 26, 2022 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 17, 2021
Added
Feb 24, 2021
Modified
Oct 26, 2022
Description
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
Solution(s)
suse-upgrade-avahisuse-upgrade-avahi-autoipdsuse-upgrade-avahi-compat-howl-develsuse-upgrade-avahi-compat-mdnsresponder-develsuse-upgrade-avahi-langsuse-upgrade-avahi-monosuse-upgrade-avahi-utilssuse-upgrade-avahi-utils-gtksuse-upgrade-libavahi-client3suse-upgrade-libavahi-client3-32bitsuse-upgrade-libavahi-common3suse-upgrade-libavahi-common3-32bitsuse-upgrade-libavahi-core7suse-upgrade-libavahi-develsuse-upgrade-libavahi-glib-develsuse-upgrade-libavahi-glib1suse-upgrade-libavahi-glib1-32bitsuse-upgrade-libavahi-gobject-develsuse-upgrade-libavahi-gobject0suse-upgrade-libavahi-libevent1suse-upgrade-libavahi-qt4-1suse-upgrade-libavahi-qt4-develsuse-upgrade-libavahi-ui-gtk3-0suse-upgrade-libavahi-ui0suse-upgrade-libdns_sdsuse-upgrade-libdns_sd-32bitsuse-upgrade-libhowl0suse-upgrade-python-avahisuse-upgrade-python-avahi-gtksuse-upgrade-python3-avahisuse-upgrade-python3-avahi-gtksuse-upgrade-typelib-1_0-avahi-0_6
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.