LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

July 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA July 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: avahi on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 14 Jul 2010 11:36:52 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (61 lines)

Synopsis:	Moderate: avahi security update
Issue date:	2010-07-13
CVE Names:	CVE-2009-0758 CVE-2010-2244

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with corrupted checksums. An attacker on 
the local network could use this flaw to cause avahi-daemon on a target 
system to exit unexpectedly via specially-crafted mDNS packets. 
(CVE-2010-2244)

A flaw was found in the way avahi-daemon processed incoming unicast mDNS
messages. If the mDNS reflector were enabled on a system, an attacker on
the local network could send a specially-crafted unicast mDNS message to
that system, resulting in its avahi-daemon flooding the network with a
multicast packet storm, and consuming a large amount of CPU. Note: The 
mDNS reflector is disabled by default. (CVE-2009-0758)

After installing the update, avahi-daemon will be restarted automatically.

SL 5.x

     SRPMS:
avahi-0.6.16-9.el5_5.src.rpm
     i386:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-tools-0.6.16-9.el5_5.i386.rpm
     x86_64:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-tools-0.6.16-9.el5_5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV