lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1H42aN-0006T0-I8@artemis.annvix.ca>
Date: Mon, 08 Jan 2007 15:03:19 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:003 ] - Updated avahi packages fix
	DoS vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:003
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : avahi
 Date    : January 8, 2007
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16
 allows remote attackers to cause a denial of service (infinite loop)
 via a crafted compressed DNS response with a label that points to
 itself.

 Updated packages are patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 3d85bef8519f2b3bc87fa4689c9f1c3c  2007.0/i586/avahi-0.6.13-4.2mdv2007.0.i586.rpm
 4d3917128ec852b8f2bc87c5b5d8666a  2007.0/i586/avahi-dnsconfd-0.6.13-4.2mdv2007.0.i586.rpm
 4edbbf9d64e96b142568b053f04c6616  2007.0/i586/avahi-python-0.6.13-4.2mdv2007.0.i586.rpm
 4d712e30c2fbd4418f3fcf5b6d1b4c0c  2007.0/i586/avahi-sharp-0.6.13-4.2mdv2007.0.i586.rpm
 880684acb045144595581fb339136930  2007.0/i586/avahi-x11-0.6.13-4.2mdv2007.0.i586.rpm
 652be4f82f97c1524a6d0f2986b2cdeb  2007.0/i586/libavahi-client3-0.6.13-4.2mdv2007.0.i586.rpm
 0cda97099767a99a24bfa7055ce2c841  2007.0/i586/libavahi-client3-devel-0.6.13-4.2mdv2007.0.i586.rpm
 aa8c01ebe391edb965ec3ef278601bb1  2007.0/i586/libavahi-common3-0.6.13-4.2mdv2007.0.i586.rpm
 23fec0b43f0d2f287023cc8262034488  2007.0/i586/libavahi-common3-devel-0.6.13-4.2mdv2007.0.i586.rpm
 0bf0ec7072425a530a426b117d625845  2007.0/i586/libavahi-compat-howl0-0.6.13-4.2mdv2007.0.i586.rpm
 2d4aca55b435b5b586c8157bd00e298c  2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.2mdv2007.0.i586.rpm
 491e90b47e58faa7f1136756c2eb56b1  2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.2mdv2007.0.i586.rpm
 821a9132a8b03b05a5efab32be3addd5  2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.2mdv2007.0.i586.rpm
 7f602260a514a21a2211cabd22c1e6aa  2007.0/i586/libavahi-core4-0.6.13-4.2mdv2007.0.i586.rpm
 ffa377ad89f47e07112d94400698bbae  2007.0/i586/libavahi-core4-devel-0.6.13-4.2mdv2007.0.i586.rpm
 01dc5e308f1e94f8fda051511ba470b1  2007.0/i586/libavahi-glib1-0.6.13-4.2mdv2007.0.i586.rpm
 4a90fb91f7a5ff1ca36cbdb9375dd2b2  2007.0/i586/libavahi-glib1-devel-0.6.13-4.2mdv2007.0.i586.rpm
 00e29620a63da300e1032c8f37c7837f  2007.0/i586/libavahi-qt3_1-0.6.13-4.2mdv2007.0.i586.rpm
 01a5534cccae9a70a1ba915a38a82952  2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.2mdv2007.0.i586.rpm
 acfec3f7a3d07f6dc07a449f4d1387a3  2007.0/i586/libavahi-qt4_1-0.6.13-4.2mdv2007.0.i586.rpm
 d1b583ff8eda500d3058da1138ab8407  2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.2mdv2007.0.i586.rpm 
 40e5ad83bf3a3064c1bccf229a5c6bbf  2007.0/SRPMS/avahi-0.6.13-4.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 75a40fbced632bdc8babb3709f01f294  2007.0/x86_64/avahi-0.6.13-4.2mdv2007.0.x86_64.rpm
 e17b41b7649c696a747ec06b430e688a  2007.0/x86_64/avahi-dnsconfd-0.6.13-4.2mdv2007.0.x86_64.rpm
 6186acf41ae8f0466158c9baeb46b688  2007.0/x86_64/avahi-python-0.6.13-4.2mdv2007.0.x86_64.rpm
 a810ca0d5eefc79882a2922c4d2b1819  2007.0/x86_64/avahi-sharp-0.6.13-4.2mdv2007.0.x86_64.rpm
 ad25b467a05edd773045c4710dfe3802  2007.0/x86_64/avahi-x11-0.6.13-4.2mdv2007.0.x86_64.rpm
 8ca2ef2791379beec855af78a4c9ddc6  2007.0/x86_64/lib64avahi-client3-0.6.13-4.2mdv2007.0.x86_64.rpm
 45217f18c88ce547cb1a7376e97e3567  2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 453dbcd08a1fe2413e32cac3b5cb2f11  2007.0/x86_64/lib64avahi-common3-0.6.13-4.2mdv2007.0.x86_64.rpm
 fadf1a660490adcf1c47f4ea3d42ba33  2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 4247e04c65d855d36e5273bed281b463  2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.2mdv2007.0.x86_64.rpm
 f0cb08bf33d91165d5298223de11f026  2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 6652bacf267ea46b4d06a6bed7d504b8  2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.2mdv2007.0.x86_64.rpm
 69600fd816780de31621c4b5e86a4644  2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 587258202393cd826826a94af80cbe17  2007.0/x86_64/lib64avahi-core4-0.6.13-4.2mdv2007.0.x86_64.rpm
 9b048c8a6dfbc0c42bc088fa6983fe7b  2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 332e5e3e44ac035cef0d03b26b5d1d6c  2007.0/x86_64/lib64avahi-glib1-0.6.13-4.2mdv2007.0.x86_64.rpm
 cfeda3f7394c4cd28074cc393cdb140d  2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 b95bec83a950e8ac19ab9d10b24052cd  2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.2mdv2007.0.x86_64.rpm
 be3469df6e708ee450de14911c60d617  2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 1ccbdfd8ca4f491ef0463da7681ad502  2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.2mdv2007.0.x86_64.rpm
 871d9ba7088fb9eb9140d80c4de8bd62  2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm 
 40e5ad83bf3a3064c1bccf229a5c6bbf  2007.0/SRPMS/avahi-0.6.13-4.2mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFopVamqjQ0CJFipgRArOeAJ4yZxJt1MHArdrYfFh7QnVxcbLIxQCgrn5t
EPbDKc7LyTDcaHap7saFt+0=
=WcNi
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ