Mandriva Linux Security Advisory - The Avahi daemon in 0.6.20 and previous allows attackers to cause a denial of service via empty TXT data over D-Bus, which triggers an assert error.
2975f9882100605d91b524f1ccf697a2b0e184927a8e9ccc4e9208c694ed6e31
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:185
http://www.mandriva.com/security/
_______________________________________________________________________
Package : avahi
Date : September 17, 2007
Affected: 2007.0, 2007.1
_______________________________________________________________________
Problem Description:
The Avahi daemon in 0.6.20 and previous allows attackers to cause a
denial of service via empty TXT data over D-Bus, which triggers an
assert error.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3372
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
9b42ab7d33f6f3645ffb1d8c10f2b7be 2007.0/i586/avahi-0.6.13-4.3mdv2007.0.i586.rpm
3dd8f44477109b6be1937d027c04334f 2007.0/i586/avahi-dnsconfd-0.6.13-4.3mdv2007.0.i586.rpm
61d1ad9658ee265ace14d11ec319feb3 2007.0/i586/avahi-python-0.6.13-4.3mdv2007.0.i586.rpm
4b2442311c56146a8769d271705835a3 2007.0/i586/avahi-sharp-0.6.13-4.3mdv2007.0.i586.rpm
6c65b69658bf5fba762baceb8d54c618 2007.0/i586/avahi-x11-0.6.13-4.3mdv2007.0.i586.rpm
8974d63f0c51d711c64476f23de79091 2007.0/i586/libavahi-client3-0.6.13-4.3mdv2007.0.i586.rpm
653beb7c63bd95a2ff04420ce45cfb3c 2007.0/i586/libavahi-client3-devel-0.6.13-4.3mdv2007.0.i586.rpm
d57e3395370d334c3d0389b5d27f69ee 2007.0/i586/libavahi-common3-0.6.13-4.3mdv2007.0.i586.rpm
9033a6df7041a041c994cb69615ba62f 2007.0/i586/libavahi-common3-devel-0.6.13-4.3mdv2007.0.i586.rpm
bd4189a93e747941a4b65fb93f7cde38 2007.0/i586/libavahi-compat-howl0-0.6.13-4.3mdv2007.0.i586.rpm
884f7d0baf1af89fe6e3975975555d41 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.3mdv2007.0.i586.rpm
1f50ca143a4fbbf6cada79fc4f736c29 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.3mdv2007.0.i586.rpm
b4fbae18da3a0823c073a71b917a36fe 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.3mdv2007.0.i586.rpm
7331d7cde7c5184a0da289639182df6f 2007.0/i586/libavahi-core4-0.6.13-4.3mdv2007.0.i586.rpm
3a5e26980894b846ebf960d5f50d21cc 2007.0/i586/libavahi-core4-devel-0.6.13-4.3mdv2007.0.i586.rpm
b9c5809919acd3fd33c148dfa3c91959 2007.0/i586/libavahi-glib1-0.6.13-4.3mdv2007.0.i586.rpm
d42c43448e010d0b75f561d276402dff 2007.0/i586/libavahi-glib1-devel-0.6.13-4.3mdv2007.0.i586.rpm
c7f30225b0153e555466b6ee37a857d3 2007.0/i586/libavahi-qt3_1-0.6.13-4.3mdv2007.0.i586.rpm
abe726ef80d631e068eef0b73eb1cd76 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.3mdv2007.0.i586.rpm
263c40aeddc7aa56284dcccd94061b83 2007.0/i586/libavahi-qt4_1-0.6.13-4.3mdv2007.0.i586.rpm
6165066dd59ecd5e965b8cc9a6794b3e 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.3mdv2007.0.i586.rpm
a078edca8e651bd288b99eb071c477a4 2007.0/SRPMS/avahi-0.6.13-4.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
32bdcbf34c11d3b568660f1269f7739f 2007.0/x86_64/avahi-0.6.13-4.3mdv2007.0.x86_64.rpm
119731a972772a866be55a8a3794d6e8 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.3mdv2007.0.x86_64.rpm
54bb90936d710ffe021eaa327bf906cc 2007.0/x86_64/avahi-python-0.6.13-4.3mdv2007.0.x86_64.rpm
c627d10f177aec68260e96c2fbebf302 2007.0/x86_64/avahi-sharp-0.6.13-4.3mdv2007.0.x86_64.rpm
e03e889615e72e05fa159ca33ce8652f 2007.0/x86_64/avahi-x11-0.6.13-4.3mdv2007.0.x86_64.rpm
0818f91e8d83fc4bffd753218b14b7d8 2007.0/x86_64/lib64avahi-client3-0.6.13-4.3mdv2007.0.x86_64.rpm
f63e399dee05af7c36fd477a2b1965c5 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
96e1032970e9a5df235c9457d69f6363 2007.0/x86_64/lib64avahi-common3-0.6.13-4.3mdv2007.0.x86_64.rpm
027aecd334aadac0c7789b6e70ef96c6 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
c09888641a61a677cbfad98fe185ce5a 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.3mdv2007.0.x86_64.rpm
b202d3105c17842df5280e220e09eceb 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
06b9daaa3516cfd3a11c852a9704a3b2 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.3mdv2007.0.x86_64.rpm
0f21e479c3adf79e5f2b85317e0543f1 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
aa9db148a186ca2fcd1d248b555962b2 2007.0/x86_64/lib64avahi-core4-0.6.13-4.3mdv2007.0.x86_64.rpm
3e0b6921ea49c48f7ce07a661cab7547 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
482416289f4fa44c9802b496b9d32b43 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.3mdv2007.0.x86_64.rpm
ee224788f649a439cc7da2b8de29944e 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
53c2ccc7e6c378ee9c79847b17038c40 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.3mdv2007.0.x86_64.rpm
21d19035cd5e813004f3cc5cff646087 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
2519453410006dc4dcd63b3156260dad 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.3mdv2007.0.x86_64.rpm
476cf9a62a1fa5aeb5337c87218fca4c 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
a078edca8e651bd288b99eb071c477a4 2007.0/SRPMS/avahi-0.6.13-4.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
c594af2bfa6689a7c1b7f2484a8df77c 2007.1/i586/avahi-0.6.17-1.1mdv2007.1.i586.rpm
e64c0e737ff84c31a8388f3598ece7ad 2007.1/i586/avahi-dnsconfd-0.6.17-1.1mdv2007.1.i586.rpm
35a3d319e3f965f9455348a429cb2a1d 2007.1/i586/avahi-python-0.6.17-1.1mdv2007.1.i586.rpm
7eef255b2b10b533bf0e1c5533231dc7 2007.1/i586/avahi-sharp-0.6.17-1.1mdv2007.1.i586.rpm
e9dde153e07ccb5a787bd09e35504569 2007.1/i586/avahi-sharp-doc-0.6.17-1.1mdv2007.1.i586.rpm
26c0756132d203f7ed537a8dc08b53f7 2007.1/i586/avahi-x11-0.6.17-1.1mdv2007.1.i586.rpm
ad9509ae2da5a5b25a803ba4968e55d6 2007.1/i586/libavahi-client3-0.6.17-1.1mdv2007.1.i586.rpm
afaf9c8cce51732b7d720c6df2ae27ca 2007.1/i586/libavahi-client3-devel-0.6.17-1.1mdv2007.1.i586.rpm
b632147727b3de90fcbb0f6b3e559000 2007.1/i586/libavahi-common3-0.6.17-1.1mdv2007.1.i586.rpm
adc5e726a7b336e1efde4af3cfb39b0c 2007.1/i586/libavahi-common3-devel-0.6.17-1.1mdv2007.1.i586.rpm
e88e78d56ea604fa2d9c532bfe1f3b70 2007.1/i586/libavahi-compat-howl0-0.6.17-1.1mdv2007.1.i586.rpm
7c03e4baeb6428241525f26019b882b1 2007.1/i586/libavahi-compat-howl0-devel-0.6.17-1.1mdv2007.1.i586.rpm
7ee801d00907ce22e2c8a046850383e4 2007.1/i586/libavahi-compat-libdns_sd1-0.6.17-1.1mdv2007.1.i586.rpm
6ff64a5037ad4186f6481e8caf0bd59a 2007.1/i586/libavahi-compat-libdns_sd1-devel-0.6.17-1.1mdv2007.1.i586.rpm
52562b6216a33f8da91cc4516c1f3072 2007.1/i586/libavahi-core5-0.6.17-1.1mdv2007.1.i586.rpm
f7ecaf7c04e3acdb9dac3acd8098b2fb 2007.1/i586/libavahi-core5-devel-0.6.17-1.1mdv2007.1.i586.rpm
00acc02c435ae6b59649f86b0e99d440 2007.1/i586/libavahi-glib1-0.6.17-1.1mdv2007.1.i586.rpm
c44fb1ae2de3123f9dcca4a0b7eb2374 2007.1/i586/libavahi-glib1-devel-0.6.17-1.1mdv2007.1.i586.rpm
b42d69062ad05624b179a02b5efec117 2007.1/i586/libavahi-qt3_1-0.6.17-1.1mdv2007.1.i586.rpm
c2044c5d7cde9e34dacaa18edd9841cb 2007.1/i586/libavahi-qt3_1-devel-0.6.17-1.1mdv2007.1.i586.rpm
74af7ff7ef86b8f9500d1a743dc562b2 2007.1/i586/libavahi-qt4_1-0.6.17-1.1mdv2007.1.i586.rpm
a1aa664366725cbe9fa5fe040556c1fa 2007.1/i586/libavahi-qt4_1-devel-0.6.17-1.1mdv2007.1.i586.rpm
7c8767bcc749046d6425d737a56b8222 2007.1/SRPMS/avahi-0.6.17-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
f094a05a552d9ba13dec063d56f1e22c 2007.1/x86_64/avahi-0.6.17-1.1mdv2007.1.x86_64.rpm
39d9b751a7503db9239128d43bd5ad3f 2007.1/x86_64/avahi-dnsconfd-0.6.17-1.1mdv2007.1.x86_64.rpm
5fb282c47d55bbbf2077a63023e0fd1a 2007.1/x86_64/avahi-python-0.6.17-1.1mdv2007.1.x86_64.rpm
9b4dedd7a85d3b3071ac1e8cef4f7525 2007.1/x86_64/avahi-sharp-0.6.17-1.1mdv2007.1.x86_64.rpm
a8f7fac1cde5ae63502903bc8567884f 2007.1/x86_64/avahi-sharp-doc-0.6.17-1.1mdv2007.1.x86_64.rpm
ee64d6cccc9b9d77c0bb1fce91ab4a7d 2007.1/x86_64/avahi-x11-0.6.17-1.1mdv2007.1.x86_64.rpm
ffcc772b531d6154a44981dfb64f523d 2007.1/x86_64/lib64avahi-client3-0.6.17-1.1mdv2007.1.x86_64.rpm
55c345072802eee53ab869aa244ee0cf 2007.1/x86_64/lib64avahi-client3-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
757596964e809446b3609d8171e91073 2007.1/x86_64/lib64avahi-common3-0.6.17-1.1mdv2007.1.x86_64.rpm
2cb6cf729bb97d1c991a4e299e2187f7 2007.1/x86_64/lib64avahi-common3-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
7de3b12c7f083295d77b44bcf519f771 2007.1/x86_64/lib64avahi-compat-howl0-0.6.17-1.1mdv2007.1.x86_64.rpm
2ed4cc31f953e4af55a01caef59fb09f 2007.1/x86_64/lib64avahi-compat-howl0-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
064f583041d5f9c47c1d09f0cead95ff 2007.1/x86_64/lib64avahi-compat-libdns_sd1-0.6.17-1.1mdv2007.1.x86_64.rpm
724f6efdff583868004d68574a69d6b2 2007.1/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
7598dabff5d5c0cc2e72f6985e4f53d5 2007.1/x86_64/lib64avahi-core5-0.6.17-1.1mdv2007.1.x86_64.rpm
957b59e1e063a45e5c7e3f4b149d8574 2007.1/x86_64/lib64avahi-core5-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
00895af428b5fc5d476025b29d823802 2007.1/x86_64/lib64avahi-glib1-0.6.17-1.1mdv2007.1.x86_64.rpm
00049709452921a8f20b12b6818d194a 2007.1/x86_64/lib64avahi-glib1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
1a7b663e7a2e947a36ae558aa186b63f 2007.1/x86_64/lib64avahi-qt3_1-0.6.17-1.1mdv2007.1.x86_64.rpm
fd3516bd0edd363df92eeb2227a56f41 2007.1/x86_64/lib64avahi-qt3_1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
c6fe42aa0f2399074a71f59f6dc6f3a2 2007.1/x86_64/lib64avahi-qt4_1-0.6.17-1.1mdv2007.1.x86_64.rpm
ad45ac4f9c46187d8c7281b3b6b70959 2007.1/x86_64/lib64avahi-qt4_1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
7c8767bcc749046d6425d737a56b8222 2007.1/SRPMS/avahi-0.6.17-1.1mdv2007.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG7tWbmqjQ0CJFipgRAiP1AKCZjplO37tiAECOUJQJKD3m1egJLACeJG2s
NoL5D2xWeLZr3UHltnNyN8A=
=j+tP
-----END PGP SIGNATURE-----