Synopsis: Moderate: avahi security update Issue date: 2010-07-13 CVE Names: CVE-2009-0758 CVE-2010-2244 A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially-crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially-crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) After installing the update, avahi-daemon will be restarted automatically. SL 5.x SRPMS: avahi-0.6.16-9.el5_5.src.rpm i386: avahi-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm avahi-devel-0.6.16-9.el5_5.i386.rpm avahi-glib-0.6.16-9.el5_5.i386.rpm avahi-glib-devel-0.6.16-9.el5_5.i386.rpm avahi-qt3-0.6.16-9.el5_5.i386.rpm avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm avahi-tools-0.6.16-9.el5_5.i386.rpm x86_64: avahi-0.6.16-9.el5_5.i386.rpm avahi-0.6.16-9.el5_5.x86_64.rpm avahi-compat-howl-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm avahi-devel-0.6.16-9.el5_5.i386.rpm avahi-devel-0.6.16-9.el5_5.x86_64.rpm avahi-glib-0.6.16-9.el5_5.i386.rpm avahi-glib-0.6.16-9.el5_5.x86_64.rpm avahi-glib-devel-0.6.16-9.el5_5.i386.rpm avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm avahi-qt3-0.6.16-9.el5_5.i386.rpm avahi-qt3-0.6.16-9.el5_5.x86_64.rpm avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm avahi-tools-0.6.16-9.el5_5.x86_64.rpm -Connie Sieh -Troy Dawson