#1132712 avahi: CVE-2026-34933

Package:
src:avahi
Source:
src:avahi
Submitter:
Salvatore Bonaccorso
Date:
2026-05-13 02:49:11 UTC
Severity:
normal
Tags:
#1132712#5
Date:
2026-04-04 15:12:35 UTC
From:
To:
Hi,

The following vulnerability was published for avahi.

CVE-2026-34933[0]:
| Avahi is a system which facilitates service discovery on a local
| network via the mDNS/DNS-SD protocol suite. Prior to version
| 0.9-rc4, any unprivileged local user can crash avahi-daemon by
| sending a single D-Bus method call with conflicting publish flags.
| This issue has been patched in version 0.9-rc4.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34933
https://www.cve.org/CVERecord?id=CVE-2026-34933
[1] https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc
[2] https://github.com/avahi/avahi/pull/891

Regards,
Salvatore