CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
99.4%
CentOS Errata and Security Advisory CESA-2009:0013
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zeroconf Networking. It facilitates service discovery on
a local network. Avahi and Avahi-aware applications allow you to plug your
computer into a network and, with no configuration, view other people to
chat with, see printers to print to, and find shared files on other computers.
Hugo Dias discovered a denial of service flaw in avahi-daemon. A remote
attacker on the same local area network (LAN) could send a
specially-crafted mDNS (Multicast DNS) packet that would cause avahi-daemon
to exit unexpectedly due to a failed assertion check. (CVE-2008-5081)
All users are advised to upgrade to these updated packages, which contain a
backported patch which resolves this issue. After installing the update,
avahi-daemon will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-January/077704.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077705.html
Affected packages:
avahi
avahi-compat-howl
avahi-compat-howl-devel
avahi-compat-libdns_sd
avahi-compat-libdns_sd-devel
avahi-devel
avahi-glib
avahi-glib-devel
avahi-qt3
avahi-qt3-devel
avahi-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0013
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | avahi | < 0.6.16-1.el5_2.1 | avahi-0.6.16-1.el5_2.1.i386.rpm |
CentOS | 5 | x86_64 | avahi | < 0.6.16-1.el5_2.1 | avahi-0.6.16-1.el5_2.1.x86_64.rpm |
CentOS | 5 | i386 | avahi-compat-howl | < 0.6.16-1.el5_2.1 | avahi-compat-howl-0.6.16-1.el5_2.1.i386.rpm |
CentOS | 5 | x86_64 | avahi-compat-howl | < 0.6.16-1.el5_2.1 | avahi-compat-howl-0.6.16-1.el5_2.1.x86_64.rpm |
CentOS | 5 | i386 | avahi-compat-howl-devel | < 0.6.16-1.el5_2.1 | avahi-compat-howl-devel-0.6.16-1.el5_2.1.i386.rpm |
CentOS | 5 | x86_64 | avahi-compat-howl-devel | < 0.6.16-1.el5_2.1 | avahi-compat-howl-devel-0.6.16-1.el5_2.1.x86_64.rpm |
CentOS | 5 | i386 | avahi-compat-libdns_sd | < 0.6.16-1.el5_2.1 | avahi-compat-libdns_sd-0.6.16-1.el5_2.1.i386.rpm |
CentOS | 5 | x86_64 | avahi-compat-libdns_sd | < 0.6.16-1.el5_2.1 | avahi-compat-libdns_sd-0.6.16-1.el5_2.1.x86_64.rpm |
CentOS | 5 | i386 | avahi-compat-libdns_sd-devel | < 0.6.16-1.el5_2.1 | avahi-compat-libdns_sd-devel-0.6.16-1.el5_2.1.i386.rpm |
CentOS | 5 | x86_64 | avahi-compat-libdns_sd-devel | < 0.6.16-1.el5_2.1 | avahi-compat-libdns_sd-devel-0.6.16-1.el5_2.1.x86_64.rpm |