BugTraq
[ GLSA 201110-17 ] Avahi: Denial of Service Oct 22 2011 04:32PM
Tobias Heinlein (keytoaster gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Avahi: Denial of Service
Date: October 22, 2011
Bugs: #335885, #355583
ID: 201110-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Avahi, allowing for Denial of
Service.

Background
==========

Avahi is a system which facilitates service discovery on a local
network.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/avahi < 0.6.28-r1 >= 0.6.28-r1

Description
===========

Multiple vulnerabilities have been discovered in Avahi. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Avahi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.28-r1"

References
==========

[ 1 ] CVE-2010-2244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2244
[ 2 ] CVE-2011-1002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1002

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJOovALAAoJEByNLmvcM7Duew8P/REMgYPSSKNOYBOtRdkrZBKQ
M8Hb/4LcAjUiCGwQWTf7PmAbAbOq+YyyxP2bhiNgS4BBkMm+f5Z++OJ52Cvdp8Lu
tEXrrrSh+fJbiVm8eECh23gIM0DzbCiqz/kMyM13pE+J4RjizxtjD91FVjuMS8bv
3/sAsLTXop2elt3wWU7FdbNwUVZ+ykuvfO/E8gCogm14xDr2s1e9TNZdE5e02mxR
eSApDvsff0DuPGkX8883gIob+LLD5bgefsNT+N60wOejrYBMCS6hX5yPtu9yd8Zu
nkPEUp+hIw8QsxifUsh+1lBV/TY4bo8WmkrOsUsU+Uz4Up9NxGpGBeGxg8PssJa2
T9T4a1d/oBA12VN7czNkQWzaRTdjDpC0bEqkJQBgF8RanfbGTO0GpqYLB+a59Uy1
GGYIxoQZPzTc6UHEr7Al/6fnjLM8gbZ+oDAppKQSYLt9T0xxgy8/S0Bu+CYXTaZ/
lmWAInuacA4JUICmW2TQ5jdQ33M3OA3FGWGI1JxPxzpNf2lloF5R/65OjFeUaWJO
+yPrRLWZZrJ3valIuYq1Oi8opY0C9vcbDZ5VT74FRpDBaucwuu6Z6FfA2oWi8iff
b2tEjqVtXE27Vl8DCMGZciCXVMQa5+lGV3pogAKT+WCpSRAY0TKISDo/egBUzAkw
vTR/6LgOpfgd53hlzBZ3
=OTRa
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus