LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:	Moderate: avahi security update
Issue date:	2010-07-13
CVE Names:	CVE-2009-0758 CVE-2010-2244

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with corrupted checksums. An attacker on 
the local network could use this flaw to cause avahi-daemon on a target 
system to exit unexpectedly via specially-crafted mDNS packets. 
(CVE-2010-2244)

A flaw was found in the way avahi-daemon processed incoming unicast mDNS
messages. If the mDNS reflector were enabled on a system, an attacker on
the local network could send a specially-crafted unicast mDNS message to
that system, resulting in its avahi-daemon flooding the network with a
multicast packet storm, and consuming a large amount of CPU. Note: The 
mDNS reflector is disabled by default. (CVE-2009-0758)

After installing the update, avahi-daemon will be restarted automatically.

SL 5.x

     SRPMS:
avahi-0.6.16-9.el5_5.src.rpm
     i386:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-tools-0.6.16-9.el5_5.i386.rpm
     x86_64:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-tools-0.6.16-9.el5_5.x86_64.rpm

-Connie Sieh
-Troy Dawson