Main Vulnerability Database SB2026041133

SB2026041133 - openEuler 24.03 LTS SP3 update for avahi

Published: April 11, 2026

Security Bulletin ID SB2026041133

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reachable assertion (CVE-ID: CVE-2026-34933)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to reachable assertion in transport_flags_from_domain() when handling D-Bus method calls with conflicting publish flags. A local user can send a specially crafted D-Bus method call to cause a denial of service.

The issue can be triggered through org.freedesktop.Avahi.EntryGroup methods that accept a flags parameter, and repeated crashes can result in persistent service disruption if the daemon is automatically restarted.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1854

Vulnerable Software

openEuler: 24.03 LTS SP3
avahi-help: before 0.8-28
avahi-ui-tools: before 0.8-28
avahi-ui-gtk3: before 0.8-28
avahi-ui-devel: before 0.8-28
avahi-ui: before 0.8-28
avahi-tools: before 0.8-28
avahi-libs: before 0.8-28
avahi-gobject-devel: before 0.8-28
avahi-gobject: before 0.8-28
avahi-glib-devel: before 0.8-28
avahi-glib: before 0.8-28
avahi-dnsconfd: before 0.8-28
avahi-devel: before 0.8-28
avahi-debugsource: before 0.8-28
avahi-debuginfo: before 0.8-28
avahi-compat-libdns_sd-devel: before 0.8-28
avahi-compat-libdns_sd: before 0.8-28
avahi-compat-howl-devel: before 0.8-28
avahi-compat-howl: before 0.8-28
avahi-autoipd: before 0.8-28
avahi: before 0.8-28

SB2026041133 - openEuler 24.03 LTS SP3 update for avahi

Breakdown by Severity

Description

Remediation

References

Please verify you're human