Home / mailingsPDF  

[USN-7967-1] Avahi vulnerabilities

Posted on 19 January 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7967-1
January 19, 2026

avahi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Avahi.

Software Description:
- avahi: IPv4LL network address configuration daemon

Details:

It was discovered that Avahi incorrectly terminated when processing browser
records with wide-area disabled. An attacker could possibly use this issue
to cause Avahi to crash, resulting in a denial of service. (CVE-2025-68276)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records pointing to resource records with short TTLs. An
attacker could possibly use this issue to cause Avahi to crash, resulting
in a denial of service. (CVE-2025-68468)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records in quick succession. An attacker could possibly
use this issue to cause Avahi to crash, resulting in a denial of service.
(CVE-2025-68471)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
avahi-daemon 0.8-16ubuntu3.1

Ubuntu 24.04 LTS
avahi-daemon 0.8-13ubuntu6.1

Ubuntu 22.04 LTS
avahi-daemon 0.8-5ubuntu5.4

Ubuntu 20.04 LTS
avahi-daemon 0.7-4ubuntu7.3+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
avahi-daemon 0.7-3.1ubuntu1.3+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm4
Available with Ubuntu Pro

Ubuntu 14.04 LTS
avahi-daemon 0.6.31-4ubuntu1.3+esm4
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7967-1
CVE-2025-68276, CVE-2025-68468, CVE-2025-68471

Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.8-16ubuntu3.1
https://launchpad.net/ubuntu/+source/avahi/0.8-13ubuntu6.1
https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.4

--===============0792407954869976782==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :