{"affected":[{"ecosystem_specific":{"binaries":[{"python-avahi":"0.6.32-5.13.1","python-avahi-gtk":"0.6.32-5.13.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"avahi","purl":"pkg:rpm/opensuse/avahi&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.6.32-5.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-avahi":"0.6.32-5.13.1","python-avahi-gtk":"0.6.32-5.13.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"avahi-glib2","purl":"pkg:rpm/opensuse/avahi-glib2&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.6.32-5.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for avahi fixes the following issues:\n\n- CVE-2021-3468: avoid infinite loop by handling  HUP event in client_work (bsc#1184521).\n- CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827)\n- Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d.\n- Add sudo to requires: used to drop privileges.\n","id":"openSUSE-SU-2021:1845-1","modified":"2021-07-11T05:49:43Z","published":"2021-07-11T05:49:43Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YAJ7F7M4LLALLHLSQR7PD7HCTVHGAFMX/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1180827"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184521"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-26720"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3468"}],"related":["CVE-2021-26720","CVE-2021-3468"],"summary":"Security update for avahi","upstream":["CVE-2021-26720","CVE-2021-3468"]}