lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 20 Nov 2006 14:25:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:215 ] - Updated avahi packages fix
	netlink vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:215
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : avahi
 Date    : November 20, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Steve Grubb discovered that netlink messages were not being checked for
 their sender identity.  This could lead to local users manipulating the
 Avahi service.

 Packages have been patched to correct this issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5461
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 8b8082eb0c550bfa56e1ab6df6c26224  2007.0/i586/avahi-0.6.13-4.1mdv2007.0.i586.rpm
 54b76c1c12ed46b8e5983e1f71eb9b06  2007.0/i586/avahi-dnsconfd-0.6.13-4.1mdv2007.0.i586.rpm
 8284c933fed872b3e3f5817645c0ef92  2007.0/i586/avahi-python-0.6.13-4.1mdv2007.0.i586.rpm
 dbb80e6511092bb8f1c6d0d6a06c6abf  2007.0/i586/avahi-sharp-0.6.13-4.1mdv2007.0.i586.rpm
 d7b2c63469f8d7e02bd7a2b54e116bbe  2007.0/i586/avahi-x11-0.6.13-4.1mdv2007.0.i586.rpm
 f7fa07cccd9dd0830250db788a2a1b81  2007.0/i586/libavahi-client3-0.6.13-4.1mdv2007.0.i586.rpm
 eecd18f14552d70f1b18249fe7b1195f  2007.0/i586/libavahi-client3-devel-0.6.13-4.1mdv2007.0.i586.rpm
 4bc4663193c8761ffad6fe5e22ef541e  2007.0/i586/libavahi-common3-0.6.13-4.1mdv2007.0.i586.rpm
 ebdba95e5e7e8c5a681fc56165ada153  2007.0/i586/libavahi-common3-devel-0.6.13-4.1mdv2007.0.i586.rpm
 950af5ad6ac377561ab7179e99aefb55  2007.0/i586/libavahi-compat-howl0-0.6.13-4.1mdv2007.0.i586.rpm
 cb102e130142c9838f071136a5b3ec57  2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.i586.rpm
 1b7ef31a64921cb0562c757a9d0528bd  2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.i586.rpm
 bd9acd313bac2d123926d14aa7db2fb4  2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 14369ebc6ae7a7d0b1b52b4996b3ae0c  2007.0/i586/libavahi-core4-0.6.13-4.1mdv2007.0.i586.rpm
 e4e8f50ba75b30f9ff631c3aeefc18af  2007.0/i586/libavahi-core4-devel-0.6.13-4.1mdv2007.0.i586.rpm
 13e2a3acd9536e836c3b446af59adeff  2007.0/i586/libavahi-glib1-0.6.13-4.1mdv2007.0.i586.rpm
 cfe0b49f30234f8be62b0f3914979523  2007.0/i586/libavahi-glib1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 6c9058272513502a4d5980b63a19b530  2007.0/i586/libavahi-qt3_1-0.6.13-4.1mdv2007.0.i586.rpm
 d846e199c543903d0ce9eeed2c2e9445  2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 315e4463187ffc1d5492445af479615d  2007.0/i586/libavahi-qt4_1-0.6.13-4.1mdv2007.0.i586.rpm
 606d90de97300ce0a8c648f1ec305ada  2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.1mdv2007.0.i586.rpm 
 65a7cba76e2824cbab5797b38ed8ccc1  2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9b25dad2dbf79d86c8c9c727f61e0a03  2007.0/x86_64/avahi-0.6.13-4.1mdv2007.0.x86_64.rpm
 d7a8aabf6ab859767041c9abe20d51cd  2007.0/x86_64/avahi-dnsconfd-0.6.13-4.1mdv2007.0.x86_64.rpm
 0117840569b82bddc137b8e78ea5f08b  2007.0/x86_64/avahi-python-0.6.13-4.1mdv2007.0.x86_64.rpm
 e9332cffa74eb39a50488471d6ffa193  2007.0/x86_64/avahi-sharp-0.6.13-4.1mdv2007.0.x86_64.rpm
 9a84e81be93c4f5609e3fafaf4f0309b  2007.0/x86_64/avahi-x11-0.6.13-4.1mdv2007.0.x86_64.rpm
 7f9549b1457023b2b9fe4c2f9c8d2b53  2007.0/x86_64/lib64avahi-client3-0.6.13-4.1mdv2007.0.x86_64.rpm
 299db6bd0cf61a35cea1c3753a191694  2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 3edcf95944dac478d0bc3c804acf833d  2007.0/x86_64/lib64avahi-common3-0.6.13-4.1mdv2007.0.x86_64.rpm
 b04bb0a5da39a6eee3b23b96374c1b19  2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 6fc42297b5fa1253b718a81cbb1d4fd2  2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.1mdv2007.0.x86_64.rpm
 126c86c305e1e8acf3c6f93a078bf868  2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 f5dbb9e0fa82ba39c19c1797391aa5d3  2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.x86_64.rpm
 f579c55f1f3c6984a54cae5917156ae6  2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 cdf62c1243fe9018809d7135968f12e1  2007.0/x86_64/lib64avahi-core4-0.6.13-4.1mdv2007.0.x86_64.rpm
 6bee1aa33a4f7dfd58db568c29936482  2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 750eef176729afa38c61b5688047cb5e  2007.0/x86_64/lib64avahi-glib1-0.6.13-4.1mdv2007.0.x86_64.rpm
 83cd5fc0401ae0dc0b39f0e905938889  2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 53341592e5ab2b187367e1c673030a60  2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.1mdv2007.0.x86_64.rpm
 3b001c78e6e8a5e8caf4b8edb9382a33  2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 92e05b16be7967c540d54cb19770a692  2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.1mdv2007.0.x86_64.rpm
 dc322609350d49ee527b3e59679b2b79  2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 
 65a7cba76e2824cbab5797b38ed8ccc1  2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFYfLXmqjQ0CJFipgRAnyUAKC7GK9iIC+EPXXGmBjaUDGDZbhEOQCcCmTQ
3KvNIOuCeXVz6wN6shJ/0r0=
=/63F
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists