USN402-1 : Avahi vulnerability
|
|
Article ID: 27990
Last updated: 27 Jan, 2009
|
|
|
|
Views: 203
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
USN402-1 : Avahi vulnerability |
|
| Ubuntu Security Notice (C) 2007 Canonical, Inc. / NASL script (C) 2007 Tenable Network Security, Inc. |
|
|
| Family | Ubuntu Local Security Checks |
| Plugin ID | 27990 |
| Bugtraq ID |
|
| CVE ID | CVE-2006-6870
|
|
| Description: |
Synopsis :
These remote packages are missing security patches :
- avahi-daemon
- avahi-discover
- avahi-dnsconfd
- avahi-utils
- libavahi-cil
- libavahi-client-dev
- libavahi-client1
- libavahi-client3
- libavahi-common-data
- libavahi-common-dev
- libavahi-common0
- libavahi-common3
- libavahi-compat-howl-dev
- libavahi-compat-howl0
- libavahi-compat-libdnssd-dev
- libavahi-compat-libdnssd1
- libavahi-core-dev
- libavahi-core1
- libavahi-core4
- libavahi-glib-dev
- libavahi-glib0
- libavahi-glib
[...]
Description :
A flaw was discovered in Avahis handling of compressed DNS packets. If
a specially crafted reply were received over the network, the Avahi
daemon would go into an infinite loop, causing a denial of service.
Solution :
Upgrade to :
- avahi-daemon-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- avahi-discover-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- avahi-dnsconfd-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- avahi-utils-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- libavahi-cil-0.6.10-0ubuntu3.4 (Ubuntu 6.06)
- libavahi-client-dev-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- libavahi-client1-0.5.2-1ubuntu1.4 (Ubuntu 5.10)
- libavahi-client3-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- libavahi-common-data-0.6.13-2ubuntu2.4 (Ubuntu 6.10)
- libavahi-common-dev-0.6.13-2ubuntu2.4 (Ubuntu 6
[...]
Risk factor : High
|
|
