-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:185 http://www.mandriva.com/security/ _______________________________________________________________________ Package : avahi Date : September 17, 2007 Affected: 2007.0, 2007.1 _______________________________________________________________________ Problem Description: The Avahi daemon in 0.6.20 and previous allows attackers to cause a denial of service via empty TXT data over D-Bus, which triggers an assert error. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3372 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 9b42ab7d33f6f3645ffb1d8c10f2b7be 2007.0/i586/avahi-0.6.13-4.3mdv2007.0.i586.rpm 3dd8f44477109b6be1937d027c04334f 2007.0/i586/avahi-dnsconfd-0.6.13-4.3mdv2007.0.i586.rpm 61d1ad9658ee265ace14d11ec319feb3 2007.0/i586/avahi-python-0.6.13-4.3mdv2007.0.i586.rpm 4b2442311c56146a8769d271705835a3 2007.0/i586/avahi-sharp-0.6.13-4.3mdv2007.0.i586.rpm 6c65b69658bf5fba762baceb8d54c618 2007.0/i586/avahi-x11-0.6.13-4.3mdv2007.0.i586.rpm 8974d63f0c51d711c64476f23de79091 2007.0/i586/libavahi-client3-0.6.13-4.3mdv2007.0.i586.rpm 653beb7c63bd95a2ff04420ce45cfb3c 2007.0/i586/libavahi-client3-devel-0.6.13-4.3mdv2007.0.i586.rpm d57e3395370d334c3d0389b5d27f69ee 2007.0/i586/libavahi-common3-0.6.13-4.3mdv2007.0.i586.rpm 9033a6df7041a041c994cb69615ba62f 2007.0/i586/libavahi-common3-devel-0.6.13-4.3mdv2007.0.i586.rpm bd4189a93e747941a4b65fb93f7cde38 2007.0/i586/libavahi-compat-howl0-0.6.13-4.3mdv2007.0.i586.rpm 884f7d0baf1af89fe6e3975975555d41 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.3mdv2007.0.i586.rpm 1f50ca143a4fbbf6cada79fc4f736c29 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.3mdv2007.0.i586.rpm b4fbae18da3a0823c073a71b917a36fe 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.3mdv2007.0.i586.rpm 7331d7cde7c5184a0da289639182df6f 2007.0/i586/libavahi-core4-0.6.13-4.3mdv2007.0.i586.rpm 3a5e26980894b846ebf960d5f50d21cc 2007.0/i586/libavahi-core4-devel-0.6.13-4.3mdv2007.0.i586.rpm b9c5809919acd3fd33c148dfa3c91959 2007.0/i586/libavahi-glib1-0.6.13-4.3mdv2007.0.i586.rpm d42c43448e010d0b75f561d276402dff 2007.0/i586/libavahi-glib1-devel-0.6.13-4.3mdv2007.0.i586.rpm c7f30225b0153e555466b6ee37a857d3 2007.0/i586/libavahi-qt3_1-0.6.13-4.3mdv2007.0.i586.rpm abe726ef80d631e068eef0b73eb1cd76 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.3mdv2007.0.i586.rpm 263c40aeddc7aa56284dcccd94061b83 2007.0/i586/libavahi-qt4_1-0.6.13-4.3mdv2007.0.i586.rpm 6165066dd59ecd5e965b8cc9a6794b3e 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.3mdv2007.0.i586.rpm a078edca8e651bd288b99eb071c477a4 2007.0/SRPMS/avahi-0.6.13-4.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 32bdcbf34c11d3b568660f1269f7739f 2007.0/x86_64/avahi-0.6.13-4.3mdv2007.0.x86_64.rpm 119731a972772a866be55a8a3794d6e8 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.3mdv2007.0.x86_64.rpm 54bb90936d710ffe021eaa327bf906cc 2007.0/x86_64/avahi-python-0.6.13-4.3mdv2007.0.x86_64.rpm c627d10f177aec68260e96c2fbebf302 2007.0/x86_64/avahi-sharp-0.6.13-4.3mdv2007.0.x86_64.rpm e03e889615e72e05fa159ca33ce8652f 2007.0/x86_64/avahi-x11-0.6.13-4.3mdv2007.0.x86_64.rpm 0818f91e8d83fc4bffd753218b14b7d8 2007.0/x86_64/lib64avahi-client3-0.6.13-4.3mdv2007.0.x86_64.rpm f63e399dee05af7c36fd477a2b1965c5 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.3mdv2007.0.x86_64.rpm 96e1032970e9a5df235c9457d69f6363 2007.0/x86_64/lib64avahi-common3-0.6.13-4.3mdv2007.0.x86_64.rpm 027aecd334aadac0c7789b6e70ef96c6 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.3mdv2007.0.x86_64.rpm c09888641a61a677cbfad98fe185ce5a 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.3mdv2007.0.x86_64.rpm b202d3105c17842df5280e220e09eceb 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.3mdv2007.0.x86_64.rpm 06b9daaa3516cfd3a11c852a9704a3b2 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.3mdv2007.0.x86_64.rpm 0f21e479c3adf79e5f2b85317e0543f1 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm aa9db148a186ca2fcd1d248b555962b2 2007.0/x86_64/lib64avahi-core4-0.6.13-4.3mdv2007.0.x86_64.rpm 3e0b6921ea49c48f7ce07a661cab7547 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.3mdv2007.0.x86_64.rpm 482416289f4fa44c9802b496b9d32b43 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.3mdv2007.0.x86_64.rpm ee224788f649a439cc7da2b8de29944e 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm 53c2ccc7e6c378ee9c79847b17038c40 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.3mdv2007.0.x86_64.rpm 21d19035cd5e813004f3cc5cff646087 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm 2519453410006dc4dcd63b3156260dad 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.3mdv2007.0.x86_64.rpm 476cf9a62a1fa5aeb5337c87218fca4c 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm a078edca8e651bd288b99eb071c477a4 2007.0/SRPMS/avahi-0.6.13-4.3mdv2007.0.src.rpm Mandriva Linux 2007.1: c594af2bfa6689a7c1b7f2484a8df77c 2007.1/i586/avahi-0.6.17-1.1mdv2007.1.i586.rpm e64c0e737ff84c31a8388f3598ece7ad 2007.1/i586/avahi-dnsconfd-0.6.17-1.1mdv2007.1.i586.rpm 35a3d319e3f965f9455348a429cb2a1d 2007.1/i586/avahi-python-0.6.17-1.1mdv2007.1.i586.rpm 7eef255b2b10b533bf0e1c5533231dc7 2007.1/i586/avahi-sharp-0.6.17-1.1mdv2007.1.i586.rpm e9dde153e07ccb5a787bd09e35504569 2007.1/i586/avahi-sharp-doc-0.6.17-1.1mdv2007.1.i586.rpm 26c0756132d203f7ed537a8dc08b53f7 2007.1/i586/avahi-x11-0.6.17-1.1mdv2007.1.i586.rpm ad9509ae2da5a5b25a803ba4968e55d6 2007.1/i586/libavahi-client3-0.6.17-1.1mdv2007.1.i586.rpm afaf9c8cce51732b7d720c6df2ae27ca 2007.1/i586/libavahi-client3-devel-0.6.17-1.1mdv2007.1.i586.rpm b632147727b3de90fcbb0f6b3e559000 2007.1/i586/libavahi-common3-0.6.17-1.1mdv2007.1.i586.rpm adc5e726a7b336e1efde4af3cfb39b0c 2007.1/i586/libavahi-common3-devel-0.6.17-1.1mdv2007.1.i586.rpm e88e78d56ea604fa2d9c532bfe1f3b70 2007.1/i586/libavahi-compat-howl0-0.6.17-1.1mdv2007.1.i586.rpm 7c03e4baeb6428241525f26019b882b1 2007.1/i586/libavahi-compat-howl0-devel-0.6.17-1.1mdv2007.1.i586.rpm 7ee801d00907ce22e2c8a046850383e4 2007.1/i586/libavahi-compat-libdns_sd1-0.6.17-1.1mdv2007.1.i586.rpm 6ff64a5037ad4186f6481e8caf0bd59a 2007.1/i586/libavahi-compat-libdns_sd1-devel-0.6.17-1.1mdv2007.1.i586.rpm 52562b6216a33f8da91cc4516c1f3072 2007.1/i586/libavahi-core5-0.6.17-1.1mdv2007.1.i586.rpm f7ecaf7c04e3acdb9dac3acd8098b2fb 2007.1/i586/libavahi-core5-devel-0.6.17-1.1mdv2007.1.i586.rpm 00acc02c435ae6b59649f86b0e99d440 2007.1/i586/libavahi-glib1-0.6.17-1.1mdv2007.1.i586.rpm c44fb1ae2de3123f9dcca4a0b7eb2374 2007.1/i586/libavahi-glib1-devel-0.6.17-1.1mdv2007.1.i586.rpm b42d69062ad05624b179a02b5efec117 2007.1/i586/libavahi-qt3_1-0.6.17-1.1mdv2007.1.i586.rpm c2044c5d7cde9e34dacaa18edd9841cb 2007.1/i586/libavahi-qt3_1-devel-0.6.17-1.1mdv2007.1.i586.rpm 74af7ff7ef86b8f9500d1a743dc562b2 2007.1/i586/libavahi-qt4_1-0.6.17-1.1mdv2007.1.i586.rpm a1aa664366725cbe9fa5fe040556c1fa 2007.1/i586/libavahi-qt4_1-devel-0.6.17-1.1mdv2007.1.i586.rpm 7c8767bcc749046d6425d737a56b8222 2007.1/SRPMS/avahi-0.6.17-1.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: f094a05a552d9ba13dec063d56f1e22c 2007.1/x86_64/avahi-0.6.17-1.1mdv2007.1.x86_64.rpm 39d9b751a7503db9239128d43bd5ad3f 2007.1/x86_64/avahi-dnsconfd-0.6.17-1.1mdv2007.1.x86_64.rpm 5fb282c47d55bbbf2077a63023e0fd1a 2007.1/x86_64/avahi-python-0.6.17-1.1mdv2007.1.x86_64.rpm 9b4dedd7a85d3b3071ac1e8cef4f7525 2007.1/x86_64/avahi-sharp-0.6.17-1.1mdv2007.1.x86_64.rpm a8f7fac1cde5ae63502903bc8567884f 2007.1/x86_64/avahi-sharp-doc-0.6.17-1.1mdv2007.1.x86_64.rpm ee64d6cccc9b9d77c0bb1fce91ab4a7d 2007.1/x86_64/avahi-x11-0.6.17-1.1mdv2007.1.x86_64.rpm ffcc772b531d6154a44981dfb64f523d 2007.1/x86_64/lib64avahi-client3-0.6.17-1.1mdv2007.1.x86_64.rpm 55c345072802eee53ab869aa244ee0cf 2007.1/x86_64/lib64avahi-client3-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 757596964e809446b3609d8171e91073 2007.1/x86_64/lib64avahi-common3-0.6.17-1.1mdv2007.1.x86_64.rpm 2cb6cf729bb97d1c991a4e299e2187f7 2007.1/x86_64/lib64avahi-common3-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 7de3b12c7f083295d77b44bcf519f771 2007.1/x86_64/lib64avahi-compat-howl0-0.6.17-1.1mdv2007.1.x86_64.rpm 2ed4cc31f953e4af55a01caef59fb09f 2007.1/x86_64/lib64avahi-compat-howl0-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 064f583041d5f9c47c1d09f0cead95ff 2007.1/x86_64/lib64avahi-compat-libdns_sd1-0.6.17-1.1mdv2007.1.x86_64.rpm 724f6efdff583868004d68574a69d6b2 2007.1/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 7598dabff5d5c0cc2e72f6985e4f53d5 2007.1/x86_64/lib64avahi-core5-0.6.17-1.1mdv2007.1.x86_64.rpm 957b59e1e063a45e5c7e3f4b149d8574 2007.1/x86_64/lib64avahi-core5-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 00895af428b5fc5d476025b29d823802 2007.1/x86_64/lib64avahi-glib1-0.6.17-1.1mdv2007.1.x86_64.rpm 00049709452921a8f20b12b6818d194a 2007.1/x86_64/lib64avahi-glib1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 1a7b663e7a2e947a36ae558aa186b63f 2007.1/x86_64/lib64avahi-qt3_1-0.6.17-1.1mdv2007.1.x86_64.rpm fd3516bd0edd363df92eeb2227a56f41 2007.1/x86_64/lib64avahi-qt3_1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm c6fe42aa0f2399074a71f59f6dc6f3a2 2007.1/x86_64/lib64avahi-qt4_1-0.6.17-1.1mdv2007.1.x86_64.rpm ad45ac4f9c46187d8c7281b3b6b70959 2007.1/x86_64/lib64avahi-qt4_1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm 7c8767bcc749046d6425d737a56b8222 2007.1/SRPMS/avahi-0.6.17-1.1mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG7tWbmqjQ0CJFipgRAiP1AKCZjplO37tiAECOUJQJKD3m1egJLACeJG2s NoL5D2xWeLZr3UHltnNyN8A= =j+tP -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/