Pardus alert 2011-67 (avahi)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security]  [PLSA 2011-67] Avahi: Denial of Service 
Date:
    	     
 
Tue, 3 May 2011 13:55:39 +0300
Message-ID:
    	     
 
<201105031355.39826.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-67            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-04-07
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in Avahi, which allows remote  attackers 
to cause a denial of service 


Description
===========

CVE-2011-1002: 

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote
attackers to cause a denial of service (infinite loop) via an empty IPv4
or IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because
of an incorrect fix for CVE-2010-2244. 


Affected packages:

  Pardus 2009:
    avahi, all before 0.6.25-17-5
  Pardus 2011:
    avahi, all before 0.6.29-26-p11


Resolution
==========

There are update(s) for avahi. You can update them via Package  Manager 
or with a single command from console: 

  Pardus 2009:
    pisi up avahi

  Pardus 2011:
    pisi up avahi


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17236
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-...

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security