avahi security update

ID CESA-2009:0013
Type centos
Reporter CentOS Project
Modified 2009-01-14T00:46:56


CentOS Errata and Security Advisory CESA-2009:0013

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, see printers to print to, and find shared files on other computers.

Hugo Dias discovered a denial of service flaw in avahi-daemon. A remote attacker on the same local area network (LAN) could send a specially-crafted mDNS (Multicast DNS) packet that would cause avahi-daemon to exit unexpectedly due to a failed assertion check. (CVE-2008-5081)

All users are advised to upgrade to these updated packages, which contain a backported patch which resolves this issue. After installing the update, avahi-daemon will be restarted automatically.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2009-January/027580.html http://lists.centos.org/pipermail/centos-announce/2009-January/027581.html

Affected packages: avahi avahi-compat-howl avahi-compat-howl-devel avahi-compat-libdns_sd avahi-compat-libdns_sd-devel avahi-devel avahi-glib avahi-glib-devel avahi-qt3 avahi-qt3-devel avahi-tools

Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-0013.html