Ubuntu Security Notice 992-1 - It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service.
09e2cd8253380d253db464ff65de6908f8c0c9c5eb104564bb7b5a188256981d
Debian Linux Security Advisory 2086-1 - Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD daemon.
ec0ef8d9ec05d49e7ab895e36f73fa89a6a958f7d291934ccd533bcb7a3fe85b
Gentoo Linux Security Advisory GLSA 200904-10 - An error in Avahi might lead to a Denial of Service via network and CPU consumption. Rob Leslie reported that the originates_from_local_legacy_unicast_socket() function in avahi-core/server.c does not account for the network byte order of a port number when processing incoming multicast packets, leading to a multicast packet storm. Versions less than 0.6.24-r2 are affected.
359beb4037140d4bfa148c609fb007b6ec710cc0ccbfaf3d108ea5ed90e95655
Mandriva Linux Security Advisory 2009-076 - A security vulnerability has been identified and fixed in avahi which could allow remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet. The updated packages have been patched to prevent this.
61581a7abd7cb57bc65d269f87378aa9c5d635376d8e473673f7e16567b03e95