[Security Announce] [ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability
Posted on: 11/20/2006 11:35 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:215
http://www.mandriva.com/security/
_______________________________________________________________________

Package : avahi
Date : November 20, 2006
Affected: 2007.0
_______________________________________________________________________

Problem Description:

Steve Grubb discovered that netlink messages were not being checked for
their sender identity. This could lead to local users manipulating the
Avahi service.

Packages have been patched to correct this issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5461
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
8b8082eb0c550bfa56e1ab6df6c26224 2007.0/i586/avahi-0.6.13-4.1mdv2007.0.i586.rpm
54b76c1c12ed46b8e5983e1f71eb9b06 2007.0/i586/avahi-dnsconfd-0.6.13-4.1mdv2007.0.i586.rpm
8284c933fed872b3e3f5817645c0ef92 2007.0/i586/avahi-python-0.6.13-4.1mdv2007.0.i586.rpm
dbb80e6511092bb8f1c6d0d6a06c6abf 2007.0/i586/avahi-sharp-0.6.13-4.1mdv2007.0.i586.rpm
d7b2c63469f8d7e02bd7a2b54e116bbe 2007.0/i586/avahi-x11-0.6.13-4.1mdv2007.0.i586.rpm
f7fa07cccd9dd0830250db788a2a1b81 2007.0/i586/libavahi-client3-0.6.13-4.1mdv2007.0.i586.rpm
eecd18f14552d70f1b18249fe7b1195f 2007.0/i586/libavahi-client3-devel-0.6.13-4.1mdv2007.0.i586.rpm
4bc4663193c8761ffad6fe5e22ef541e 2007.0/i586/libavahi-common3-0.6.13-4.1mdv2007.0.i586.rpm
ebdba95e5e7e8c5a681fc56165ada153 2007.0/i586/libavahi-common3-devel-0.6.13-4.1mdv2007.0.i586.rpm
950af5ad6ac377561ab7179e99aefb55 2007.0/i586/libavahi-compat-howl0-0.6.13-4.1mdv2007.0.i586.rpm
cb102e130142c9838f071136a5b3ec57 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.i586.rpm
1b7ef31a64921cb0562c757a9d0528bd 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.i586.rpm
bd9acd313bac2d123926d14aa7db2fb4 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.i586.rpm
14369ebc6ae7a7d0b1b52b4996b3ae0c 2007.0/i586/libavahi-core4-0.6.13-4.1mdv2007.0.i586.rpm
e4e8f50ba75b30f9ff631c3aeefc18af 2007.0/i586/libavahi-core4-devel-0.6.13-4.1mdv2007.0.i586.rpm
13e2a3acd9536e836c3b446af59adeff 2007.0/i586/libavahi-glib1-0.6.13-4.1mdv2007.0.i586.rpm
cfe0b49f30234f8be62b0f3914979523 2007.0/i586/libavahi-glib1-devel-0.6.13-4.1mdv2007.0.i586.rpm
6c9058272513502a4d5980b63a19b530 2007.0/i586/libavahi-qt3_1-0.6.13-4.1mdv2007.0.i586.rpm
d846e199c543903d0ce9eeed2c2e9445 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
315e4463187ffc1d5492445af479615d 2007.0/i586/libavahi-qt4_1-0.6.13-4.1mdv2007.0.i586.rpm
606d90de97300ce0a8c648f1ec305ada 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
65a7cba76e2824cbab5797b38ed8ccc1 2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9b25dad2dbf79d86c8c9c727f61e0a03 2007.0/x86_64/avahi-0.6.13-4.1mdv2007.0.x86_64.rpm
d7a8aabf6ab859767041c9abe20d51cd 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.1mdv2007.0.x86_64.rpm
0117840569b82bddc137b8e78ea5f08b 2007.0/x86_64/avahi-python-0.6.13-4.1mdv2007.0.x86_64.rpm
e9332cffa74eb39a50488471d6ffa193 2007.0/x86_64/avahi-sharp-0.6.13-4.1mdv2007.0.x86_64.rpm
9a84e81be93c4f5609e3fafaf4f0309b 2007.0/x86_64/avahi-x11-0.6.13-4.1mdv2007.0.x86_64.rpm
7f9549b1457023b2b9fe4c2f9c8d2b53 2007.0/x86_64/lib64avahi-client3-0.6.13-4.1mdv2007.0.x86_64.rpm
299db6bd0cf61a35cea1c3753a191694 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
3edcf95944dac478d0bc3c804acf833d 2007.0/x86_64/lib64avahi-common3-0.6.13-4.1mdv2007.0.x86_64.rpm
b04bb0a5da39a6eee3b23b96374c1b19 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
6fc42297b5fa1253b718a81cbb1d4fd2 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.1mdv2007.0.x86_64.rpm
126c86c305e1e8acf3c6f93a078bf868 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
f5dbb9e0fa82ba39c19c1797391aa5d3 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.x86_64.rpm
f579c55f1f3c6984a54cae5917156ae6 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
cdf62c1243fe9018809d7135968f12e1 2007.0/x86_64/lib64avahi-core4-0.6.13-4.1mdv2007.0.x86_64.rpm
6bee1aa33a4f7dfd58db568c29936482 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
750eef176729afa38c61b5688047cb5e 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.1mdv2007.0.x86_64.rpm
83cd5fc0401ae0dc0b39f0e905938889 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
53341592e5ab2b187367e1c673030a60 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.1mdv2007.0.x86_64.rpm
3b001c78e6e8a5e8caf4b8edb9382a33 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
92e05b16be7967c540d54cb19770a692 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.1mdv2007.0.x86_64.rpm
dc322609350d49ee527b3e59679b2b79 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
65a7cba76e2824cbab5797b38ed8ccc1 2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFYfLXmqjQ0CJFipgRAnyUAKC7GK9iIC+EPXXGmBjaUDGDZbhEOQCcCmTQ
3KvNIOuCeXVz6wN6shJ/0r0=
=/63F
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006215__updated_avahi_packages_fix_netlink_vulnerability.html)