[Security Announce] [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability
Posted on: 01/09/2007 12:25 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:003
http://www.mandriva.com/security/
_______________________________________________________________________

Package : avahi
Date : January 8, 2007
Affected: 2007.0
_______________________________________________________________________

Problem Description:

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16
allows remote attackers to cause a denial of service (infinite loop)
via a crafted compressed DNS response with a label that points to
itself.

Updated packages are patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
3d85bef8519f2b3bc87fa4689c9f1c3c 2007.0/i586/avahi-0.6.13-4.2mdv2007.0.i586.rpm
4d3917128ec852b8f2bc87c5b5d8666a 2007.0/i586/avahi-dnsconfd-0.6.13-4.2mdv2007.0.i586.rpm
4edbbf9d64e96b142568b053f04c6616 2007.0/i586/avahi-python-0.6.13-4.2mdv2007.0.i586.rpm
4d712e30c2fbd4418f3fcf5b6d1b4c0c 2007.0/i586/avahi-sharp-0.6.13-4.2mdv2007.0.i586.rpm
880684acb045144595581fb339136930 2007.0/i586/avahi-x11-0.6.13-4.2mdv2007.0.i586.rpm
652be4f82f97c1524a6d0f2986b2cdeb 2007.0/i586/libavahi-client3-0.6.13-4.2mdv2007.0.i586.rpm
0cda97099767a99a24bfa7055ce2c841 2007.0/i586/libavahi-client3-devel-0.6.13-4.2mdv2007.0.i586.rpm
aa8c01ebe391edb965ec3ef278601bb1 2007.0/i586/libavahi-common3-0.6.13-4.2mdv2007.0.i586.rpm
23fec0b43f0d2f287023cc8262034488 2007.0/i586/libavahi-common3-devel-0.6.13-4.2mdv2007.0.i586.rpm
0bf0ec7072425a530a426b117d625845 2007.0/i586/libavahi-compat-howl0-0.6.13-4.2mdv2007.0.i586.rpm
2d4aca55b435b5b586c8157bd00e298c 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.2mdv2007.0.i586.rpm
491e90b47e58faa7f1136756c2eb56b1 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.2mdv2007.0.i586.rpm
821a9132a8b03b05a5efab32be3addd5 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.2mdv2007.0.i586.rpm
7f602260a514a21a2211cabd22c1e6aa 2007.0/i586/libavahi-core4-0.6.13-4.2mdv2007.0.i586.rpm
ffa377ad89f47e07112d94400698bbae 2007.0/i586/libavahi-core4-devel-0.6.13-4.2mdv2007.0.i586.rpm
01dc5e308f1e94f8fda051511ba470b1 2007.0/i586/libavahi-glib1-0.6.13-4.2mdv2007.0.i586.rpm
4a90fb91f7a5ff1ca36cbdb9375dd2b2 2007.0/i586/libavahi-glib1-devel-0.6.13-4.2mdv2007.0.i586.rpm
00e29620a63da300e1032c8f37c7837f 2007.0/i586/libavahi-qt3_1-0.6.13-4.2mdv2007.0.i586.rpm
01a5534cccae9a70a1ba915a38a82952 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.2mdv2007.0.i586.rpm
acfec3f7a3d07f6dc07a449f4d1387a3 2007.0/i586/libavahi-qt4_1-0.6.13-4.2mdv2007.0.i586.rpm
d1b583ff8eda500d3058da1138ab8407 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.2mdv2007.0.i586.rpm
40e5ad83bf3a3064c1bccf229a5c6bbf 2007.0/SRPMS/avahi-0.6.13-4.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
75a40fbced632bdc8babb3709f01f294 2007.0/x86_64/avahi-0.6.13-4.2mdv2007.0.x86_64.rpm
e17b41b7649c696a747ec06b430e688a 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.2mdv2007.0.x86_64.rpm
6186acf41ae8f0466158c9baeb46b688 2007.0/x86_64/avahi-python-0.6.13-4.2mdv2007.0.x86_64.rpm
a810ca0d5eefc79882a2922c4d2b1819 2007.0/x86_64/avahi-sharp-0.6.13-4.2mdv2007.0.x86_64.rpm
ad25b467a05edd773045c4710dfe3802 2007.0/x86_64/avahi-x11-0.6.13-4.2mdv2007.0.x86_64.rpm
8ca2ef2791379beec855af78a4c9ddc6 2007.0/x86_64/lib64avahi-client3-0.6.13-4.2mdv2007.0.x86_64.rpm
45217f18c88ce547cb1a7376e97e3567 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
453dbcd08a1fe2413e32cac3b5cb2f11 2007.0/x86_64/lib64avahi-common3-0.6.13-4.2mdv2007.0.x86_64.rpm
fadf1a660490adcf1c47f4ea3d42ba33 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
4247e04c65d855d36e5273bed281b463 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.2mdv2007.0.x86_64.rpm
f0cb08bf33d91165d5298223de11f026 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
6652bacf267ea46b4d06a6bed7d504b8 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.2mdv2007.0.x86_64.rpm
69600fd816780de31621c4b5e86a4644 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
587258202393cd826826a94af80cbe17 2007.0/x86_64/lib64avahi-core4-0.6.13-4.2mdv2007.0.x86_64.rpm
9b048c8a6dfbc0c42bc088fa6983fe7b 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
332e5e3e44ac035cef0d03b26b5d1d6c 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.2mdv2007.0.x86_64.rpm
cfeda3f7394c4cd28074cc393cdb140d 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
b95bec83a950e8ac19ab9d10b24052cd 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.2mdv2007.0.x86_64.rpm
be3469df6e708ee450de14911c60d617 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
1ccbdfd8ca4f491ef0463da7681ad502 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.2mdv2007.0.x86_64.rpm
871d9ba7088fb9eb9140d80c4de8bd62 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
40e5ad83bf3a3064c1bccf229a5c6bbf 2007.0/SRPMS/avahi-0.6.13-4.2mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFopVamqjQ0CJFipgRArOeAJ4yZxJt1MHArdrYfFh7QnVxcbLIxQCgrn5t
EPbDKc7LyTDcaHap7saFt+0=
=WcNi
-----END PGP SIGNATURE-----
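
The Problem Description in the advisory above concerns a compressed DNS name whose pointer refers back to itself, which makes a naive decoder follow the same jump forever. The C code below is an added example, not Avahi's code or its actual patch: a name decoder (hypothetical `read_name`) that rejects such loops by requiring every compression pointer to land strictly before the label run it was read from. Both packets are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode the (possibly compressed) DNS name at pkt[off] into out as dotted
 * text. Returns 0 on success, -1 on malformed input, pointer loops included. */
int read_name(const uint8_t *pkt, size_t len, size_t off, char *out, size_t outlen)
{
    size_t seg_start = off;  /* start of the label run currently being read */
    size_t n = 0;            /* bytes written to out so far */
    for (;;) {
        if (off >= len) return -1;
        uint8_t c = pkt[off];
        if (c == 0) {                       /* root label: end of name */
            if (n >= outlen) return -1;
            out[n] = '\0';
            return 0;
        }
        if ((c & 0xC0) == 0xC0) {           /* compression pointer */
            if (off + 1 >= len) return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | pkt[off + 1];
            /* Loop guard: run starts must strictly decrease, so a pointer
             * to itself (or any cycle of pointers) is rejected. */
            if (target >= seg_start) return -1;
            off = seg_start = target;
            continue;
        }
        if (c & 0xC0) return -1;            /* reserved label types */
        if (off + 1 + c > len) return -1;   /* label runs past the packet */
        if (n + c + 2 > outlen) return -1;  /* '.' + label + NUL must fit */
        if (n) out[n++] = '.';
        memcpy(out + n, pkt + off + 1, c);
        n += c;
        off += 1 + (size_t)c;
    }
}

/* Constructed samples: 12-byte zeroed DNS header, then name data. */
static const uint8_t good_pkt[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    5,'l','o','c','a','l',0,             /* offset 12: "local"             */
    5,'_','h','t','t','p',0xC0,0x0C };   /* offset 19: "_http" + ptr to 12 */
static const uint8_t self_ptr_pkt[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    0xC0,0x0C };                         /* offset 12: pointer to offset 12 */

int main(void)
{
    char buf[64];
    int rc = read_name(good_pkt, sizeof good_pkt, 19, buf, sizeof buf);
    printf("good: rc=%d name=%s\n", rc, rc == 0 ? buf : "-");
    printf("self-pointer: rc=%d\n", read_name(self_ptr_pkt, sizeof self_ptr_pkt, 12, buf, sizeof buf));
    return 0;
}
```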



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007003__updated_avahi_packages_fix_dos_vulnerability.html)