[SECURITY] Fedora Core 5 Update: avahi-0.6.11-3.fc5

Martin Bacovsky mbacovsk at redhat.com
Sun Jan 7 19:20:13 UTC 2007 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-018
2007-01-07
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : avahi
Version     : 0.6.11
Release     : 3.fc5
Summary     : Local network service discovery
Description :
Avahi is a system which facilitates service discovery on
a local network -- this means that you can plug your laptop or
computer into a network and instantly be able to view other people who
you can chat with, find printers to print to or find files being
shared. This kind of technology is already found in MacOS X (branded
'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very
convenient.

---------------------------------------------------------------------
Update Information:

avahi-0.6.11-3.fc5 should fix CVE-2006-6870 - the
consume_labels function in avahi-core/dns.c in Avahi before
0.6.16 allows remote attackers to cause a denial of service
(infinite loop) via a crafted compressed DNS response with a
label that points to itself.
---------------------------------------------------------------------
* Sat Jan  6 2007 Martin Bacovsky <mbacovsk at redhat.com> - 0.6.11-3.fc5
- Resolves: #221726 - CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon
* Tue Nov 28 2006 Martin Bacovsky <mbacovsk at redhat.com> - 0.6.11-2.fc5
- fix bug #216655 - CVE-2006-5461 - avahi did not verify 
  the sender identity of netlink messages
* Mon Jul 17 2006 Jason Vas Dias <jvdias at redhat.com> - 0.6.11-1
- Upgrade to upstream version 0.6.11
- fix bug 195674: set 'use-ipv6=yes' in avahi-daemon.conf
- fix bug 197414: avahi-compat-howl and avahi-compat-dns-sd symlinks
- fix bug 198282: avahi-compat-{howl-devel,dns-sd-devel} Requires:
* Tue Jun 13 2006 Jason Vas Dias <jvdias at redhat.com> - 0.6.10-3
- rebuild for broken mono deps
* Tue Jun  6 2006 Jason Vas Dias <jvdias at redhat.com> - 0.6.10-2
- fix bug 194203: fix permissions on /var/run/avahi-daemon
* Tue May 30 2006 Jason Vas Dias <jvdias at redhat.com> - 0.6.10-1
- Upgrade to upstream version 0.6.10
- fix bug 192080: split avahi-compat-libdns_sd into separate package
                  (same goes for avahi-compat-howl)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

b01dbf83412f1b631396b847e1cb8b310572c2b6  SRPMS/avahi-0.6.11-3.fc5.src.rpm
b01dbf83412f1b631396b847e1cb8b310572c2b6  noarch/avahi-0.6.11-3.fc5.src.rpm
7f925f8323faa20936ea8d96995485f9399a1510  ppc/avahi-qt3-0.6.11-3.fc5.ppc.rpm
7d9c72855552c82b6cd71e0c875574e762c7626b  ppc/avahi-devel-0.6.11-3.fc5.ppc.rpm
a3db6cc323d158698d68f86d8ba78c004cfe2258  ppc/debug/avahi-debuginfo-0.6.11-3.fc5.ppc.rpm
bc5a82fd6caecf5a3fb65047cf429dd5f7528f79  ppc/avahi-compat-howl-devel-0.6.11-3.fc5.ppc.rpm
ea818680bfdfab2ead934e64f9e124c0d4804dff  ppc/avahi-glib-devel-0.6.11-3.fc5.ppc.rpm
e27f3163396568b7b74742316d84e0babb768606  ppc/avahi-0.6.11-3.fc5.ppc.rpm
4d1e24090b6cd9b369795ea17b6d328fdab61d9a  ppc/avahi-compat-libdns_sd-0.6.11-3.fc5.ppc.rpm
217252824665083566a65ed6cdbc33033fbe4499  ppc/avahi-sharp-0.6.11-3.fc5.ppc.rpm
5f40395031b840be55d3527d8e14c318f03a3f70  ppc/avahi-compat-howl-0.6.11-3.fc5.ppc.rpm
bdaf22b561e27213fed12e34a82b1e96a9599b07  ppc/avahi-compat-libdns_sd-devel-0.6.11-3.fc5.ppc.rpm
75f4cabc9c154c516bb0d9bfd9d628853e03f34e  ppc/avahi-tools-0.6.11-3.fc5.ppc.rpm
34e928f003f88e4170a5cd03629e0f971e805b32  ppc/avahi-qt3-devel-0.6.11-3.fc5.ppc.rpm
62377cb9206444dd6d6a4252c0315842331d29b9  ppc/avahi-glib-0.6.11-3.fc5.ppc.rpm
9aa18e9988fbb4ae5b4933a8aafe7ce02ad1d950  x86_64/debug/avahi-debuginfo-0.6.11-3.fc5.x86_64.rpm
9c81cea8f8e7bfa87902333065eee500386ed6bc  x86_64/avahi-compat-howl-0.6.11-3.fc5.x86_64.rpm
ef4aec742161ef0b4654136e7d30869c6c7c5b8b  x86_64/avahi-compat-libdns_sd-devel-0.6.11-3.fc5.x86_64.rpm
e71d4e057ed81bb37a0e110e841952ac74c7c97b  x86_64/avahi-tools-0.6.11-3.fc5.x86_64.rpm
b838b206d627959f0a679a3a7234c3ea1c0ea05c  x86_64/avahi-glib-0.6.11-3.fc5.x86_64.rpm
1e6d80d421a0ddeb080d2c458c12c099ad736ef2  x86_64/avahi-0.6.11-3.fc5.x86_64.rpm
b93177ae822424ca2b30070182bd40673abd81d4  x86_64/avahi-qt3-0.6.11-3.fc5.x86_64.rpm
8ae22542f95a359d4a3fb9a6d083b64e32b03fdd  x86_64/avahi-qt3-devel-0.6.11-3.fc5.x86_64.rpm
11aaa6721bbcea2f5f12fd987659c58d5a87797a  x86_64/avahi-devel-0.6.11-3.fc5.x86_64.rpm
10e3c611deb39c0b227fee31ce1b864027f117d7  x86_64/avahi-compat-libdns_sd-0.6.11-3.fc5.x86_64.rpm
2d311fc29cc57c585be6a7c745d3fb368e952781  x86_64/avahi-sharp-0.6.11-3.fc5.x86_64.rpm
ec28ecefa644d493a8b0eb3b0710637cdc57ca8a  x86_64/avahi-compat-howl-devel-0.6.11-3.fc5.x86_64.rpm
89ec848c906ee0561a6b0e1a88a074f72f9d5e9c  x86_64/avahi-glib-devel-0.6.11-3.fc5.x86_64.rpm
df75711a7b29d309819ddca7b5ba89b7472f6855  i386/avahi-sharp-0.6.11-3.fc5.i386.rpm
9ff37604e6f3ac9982aaf2a0c643423e3ad15cf8  i386/avahi-compat-howl-0.6.11-3.fc5.i386.rpm
292ff2d69694b5031b1d9a6ba33c42e1b07b5a4a  i386/avahi-compat-howl-devel-0.6.11-3.fc5.i386.rpm
8a5cb1da102e9ddd03f8c22b1b48e20e9714ef3b  i386/avahi-glib-devel-0.6.11-3.fc5.i386.rpm
721025866c12cf18dc3019a61b41fdde385351ec  i386/avahi-tools-0.6.11-3.fc5.i386.rpm
bd44fde300294686dd87a6a4bea68af06dc20968  i386/avahi-0.6.11-3.fc5.i386.rpm
07f1f76afde5f0184c0a3182cd9c00b45609ad77  i386/avahi-glib-0.6.11-3.fc5.i386.rpm
8b0943ab980b8329eaf03478d8c2f56293f851d0  i386/avahi-devel-0.6.11-3.fc5.i386.rpm
6b31212d6fdeb03963726b361b847fe267246b04  i386/avahi-qt3-0.6.11-3.fc5.i386.rpm
f6d8143a90419a6fcf639d46c3e170487907cc36  i386/avahi-compat-libdns_sd-0.6.11-3.fc5.i386.rpm
1fdb1ee9276c9110499fcdf61daabb9834543240  i386/avahi-qt3-devel-0.6.11-3.fc5.i386.rpm
2d31df6b26f65db784bc49521bebf89702a963ca  i386/avahi-compat-libdns_sd-devel-0.6.11-3.fc5.i386.rpm
80a926710b2fea263c57649b5c048788f6a40115  i386/debug/avahi-debuginfo-0.6.11-3.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the Fedora-package-announce mailing list