USN-7967-1: Avahi vulnerabilities

USN-7967-1: Avahi vulnerabilities

Publication date: 19 January 2026
Overview : Several security issues were fixed in Avahi.

Packages
avahi - IPv4LL network address configuration daemon

Details
It was discovered that Avahi incorrectly terminated when processing browser
records with wide-area disabled. An attacker could possibly use this issue
to cause Avahi to crash, resulting in a denial of service. (CVE-2025-68276)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records pointing to resource records with short TTLs. An
attacker could possibly use this issue to cause Avahi to crash, resulting
in a denial of service. (CVE-2025-68468)

It was discovered that Avahi incorrectly terminated when processing
unsolicited CNAME records in quick succession. An attacker could possibly
use this issue to cause Avahi to crash, resulting in a denial of service.
(CVE-2025-68471)

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

• 25.10 questing avahi-daemon – 0.8-16ubuntu3.1
• 24.04 LTS noble avahi-daemon – 0.8-13ubuntu6.1
• 22.04 LTS jammy avahi-daemon – 0.8-5ubuntu5.4
• 20.04 LTS focal avahi-daemon – 0.7-4ubuntu7.3+esm1
• 18.04 LTS bionic avahi-daemon – 0.7-3.1ubuntu1.3+esm3
• 16.04 LTS xenial avahi-daemon – 0.6.32~rc+dfsg-1ubuntu2.3+esm4
• 14.04 LTS trusty avahi-daemon – 0.6.31-4ubuntu1.3+esm4