Advisories | Mandriva

Navigation

Package name	avahi
Date	January 8th, 2007
Advisory ID	MDKSA-2007:003
Affected versions	2007.0

Problem Description

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16
allows remote attackers to cause a denial of service (infinite loop)
via a crafted compressed DNS response with a label that points to
itself.

Updated packages are patched to address this issue.

Updated Packages

Mandriva Linux 2007

 3d85bef8519f2b3bc87fa4689c9f1c3c  2007.0/i586/avahi-0.6.13-4.2mdv2007.0.i586.rpm
 4d3917128ec852b8f2bc87c5b5d8666a  2007.0/i586/avahi-dnsconfd-0.6.13-4.2mdv2007.0.i586.rpm
 4edbbf9d64e96b142568b053f04c6616  2007.0/i586/avahi-python-0.6.13-4.2mdv2007.0.i586.rpm
 4d712e30c2fbd4418f3fcf5b6d1b4c0c  2007.0/i586/avahi-sharp-0.6.13-4.2mdv2007.0.i586.rpm
 880684acb045144595581fb339136930  2007.0/i586/avahi-x11-0.6.13-4.2mdv2007.0.i586.rpm
 652be4f82f97c1524a6d0f2986b2cdeb  2007.0/i586/libavahi-client3-0.6.13-4.2mdv2007.0.i586.rpm
 0cda97099767a99a24bfa7055ce2c841  2007.0/i586/libavahi-client3-devel-0.6.13-4.2mdv2007.0.i586.rpm
 aa8c01ebe391edb965ec3ef278601bb1  2007.0/i586/libavahi-common3-0.6.13-4.2mdv2007.0.i586.rpm
 23fec0b43f0d2f287023cc8262034488  2007.0/i586/libavahi-common3-devel-0.6.13-4.2mdv2007.0.i586.rpm
 0bf0ec7072425a530a426b117d625845  2007.0/i586/libavahi-compat-howl0-0.6.13-4.2mdv2007.0.i586.rpm
 2d4aca55b435b5b586c8157bd00e298c  2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.2mdv2007.0.i586.rpm
 491e90b47e58faa7f1136756c2eb56b1  2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.2mdv2007.0.i586.rpm
 821a9132a8b03b05a5efab32be3addd5  2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.2mdv2007.0.i586.rpm
 7f602260a514a21a2211cabd22c1e6aa  2007.0/i586/libavahi-core4-0.6.13-4.2mdv2007.0.i586.rpm
 ffa377ad89f47e07112d94400698bbae  2007.0/i586/libavahi-core4-devel-0.6.13-4.2mdv2007.0.i586.rpm
 01dc5e308f1e94f8fda051511ba470b1  2007.0/i586/libavahi-glib1-0.6.13-4.2mdv2007.0.i586.rpm
 4a90fb91f7a5ff1ca36cbdb9375dd2b2  2007.0/i586/libavahi-glib1-devel-0.6.13-4.2mdv2007.0.i586.rpm
 00e29620a63da300e1032c8f37c7837f  2007.0/i586/libavahi-qt3_1-0.6.13-4.2mdv2007.0.i586.rpm
 01a5534cccae9a70a1ba915a38a82952  2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.2mdv2007.0.i586.rpm
 acfec3f7a3d07f6dc07a449f4d1387a3  2007.0/i586/libavahi-qt4_1-0.6.13-4.2mdv2007.0.i586.rpm
 d1b583ff8eda500d3058da1138ab8407  2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.2mdv2007.0.i586.rpm 
 40e5ad83bf3a3064c1bccf229a5c6bbf  2007.0/SRPMS/avahi-0.6.13-4.2mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 75a40fbced632bdc8babb3709f01f294  2007.0/x86_64/avahi-0.6.13-4.2mdv2007.0.x86_64.rpm
 e17b41b7649c696a747ec06b430e688a  2007.0/x86_64/avahi-dnsconfd-0.6.13-4.2mdv2007.0.x86_64.rpm
 6186acf41ae8f0466158c9baeb46b688  2007.0/x86_64/avahi-python-0.6.13-4.2mdv2007.0.x86_64.rpm
 a810ca0d5eefc79882a2922c4d2b1819  2007.0/x86_64/avahi-sharp-0.6.13-4.2mdv2007.0.x86_64.rpm
 ad25b467a05edd773045c4710dfe3802  2007.0/x86_64/avahi-x11-0.6.13-4.2mdv2007.0.x86_64.rpm
 8ca2ef2791379beec855af78a4c9ddc6  2007.0/x86_64/lib64avahi-client3-0.6.13-4.2mdv2007.0.x86_64.rpm
 45217f18c88ce547cb1a7376e97e3567  2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 453dbcd08a1fe2413e32cac3b5cb2f11  2007.0/x86_64/lib64avahi-common3-0.6.13-4.2mdv2007.0.x86_64.rpm
 fadf1a660490adcf1c47f4ea3d42ba33  2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 4247e04c65d855d36e5273bed281b463  2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.2mdv2007.0.x86_64.rpm
 f0cb08bf33d91165d5298223de11f026  2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 6652bacf267ea46b4d06a6bed7d504b8  2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.2mdv2007.0.x86_64.rpm
 69600fd816780de31621c4b5e86a4644  2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 587258202393cd826826a94af80cbe17  2007.0/x86_64/lib64avahi-core4-0.6.13-4.2mdv2007.0.x86_64.rpm
 9b048c8a6dfbc0c42bc088fa6983fe7b  2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 332e5e3e44ac035cef0d03b26b5d1d6c  2007.0/x86_64/lib64avahi-glib1-0.6.13-4.2mdv2007.0.x86_64.rpm
 cfeda3f7394c4cd28074cc393cdb140d  2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 b95bec83a950e8ac19ab9d10b24052cd  2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.2mdv2007.0.x86_64.rpm
 be3469df6e708ee450de14911c60d617  2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm
 1ccbdfd8ca4f491ef0463da7681ad502  2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.2mdv2007.0.x86_64.rpm
 871d9ba7088fb9eb9140d80c4de8bd62  2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.2mdv2007.0.x86_64.rpm 
 40e5ad83bf3a3064c1bccf229a5c6bbf  2007.0/SRPMS/avahi-0.6.13-4.2mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.