LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-11351 (avahi)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 10 Update: avahi-0.6.22-12.fc10


Date:
    	      Wed, 07 Jan 2009 09:33:13 +0000


Message-ID:
    	      <20090107093314.21FD4188018@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-11351
2008-12-17 03:33:20
--------------------------------------------------------------------------------

Name        : avahi
Product     : Fedora 10
Version     : 0.6.22
Release     : 12.fc10
URL         : http://avahi.org
Summary     : Local network service discovery
Description :
Avahi is a system which facilitates service discovery on
a local network -- this means that you can plug your laptop or
computer into a network and instantly be able to view other people who
you can chat with, find printers to print to or find files being
shared. This kind of technology is already found in MacOS X (branded
'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very
convenient.

--------------------------------------------------------------------------------
Update Information:

This version includes five patches backported from the recently released 0.6.24:
- A trivial security fix for CVE-2008-5081, rhbz 475964.    - A trivial fix for
the threaded event loop, avahi bts #251    - A trivial fix unbreaking the
--force-bind logic of avahi-autoipd, avahi bts #209    - A trivial fix to make
sure we never end up with an invalid IP address in avahi-autoipd, avahi bts #231
- A trivial change to include the host name of the sender when we receive bogus
mDNS packets, rhbz #438013    All changes are "trivial", i.e. very simple in
nature.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 14 2008 Lennart Poettering <lpoetter@redhat.com> - 0.6.22-12
- Fix a couple of issues, rhbz #475394, avahi bts #209, rhbz #438013, avahi bts
    All backported from upstream 0.6.24
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #475964 - CVE-2008-5081 avahi: avahi-daemon DoS (application abort) via packet with
source port 0
        https://bugzilla.redhat.com/show_bug.cgi?id=475964
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update avahi' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds