Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2011:0436
HistoryApr 14, 2011 - 1:41 p.m.

avahi security update

2011-04-1413:41:55
CentOS Project
lists.centos.org
58

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.075

Percentile

94.1%

JSON

CentOS Errata and Security Advisory CESA-2011:0436

Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with an empty payload. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)

All users are advised to upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update,
avahi-daemon will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079455.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079456.html

Affected packages:
avahi
avahi-compat-howl
avahi-compat-howl-devel
avahi-compat-libdns_sd
avahi-compat-libdns_sd-devel
avahi-devel
avahi-glib
avahi-glib-devel
avahi-qt3
avahi-qt3-devel
avahi-tools

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0436

OSVersionArchitecturePackageVersionFilename
CentOS5i386avahi< 0.6.16-10.el5_6avahi-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-compat-howl< 0.6.16-10.el5_6avahi-compat-howl-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-compat-howl-devel< 0.6.16-10.el5_6avahi-compat-howl-devel-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-compat-libdns_sd< 0.6.16-10.el5_6avahi-compat-libdns_sd-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-compat-libdns_sd-devel< 0.6.16-10.el5_6avahi-compat-libdns_sd-devel-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-devel< 0.6.16-10.el5_6avahi-devel-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-glib< 0.6.16-10.el5_6avahi-glib-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-glib-devel< 0.6.16-10.el5_6avahi-glib-devel-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-qt3< 0.6.16-10.el5_6avahi-qt3-0.6.16-10.el5_6.i386.rpm
CentOS5i386avahi-qt3-devel< 0.6.16-10.el5_6avahi-qt3-devel-0.6.16-10.el5_6.i386.rpm
Rows per page:
1-10 of 321

Related

openvas 24
veracode 1
nessus 17
oraclelinux 2
debian 1
redhat 2
ubuntu 1
freebsd 1
fedora 2
nvd 2
gentoo 1
securityvulns 2
cvelist 1
cve 2
prion 1
debiancve 1
ubuntucve 1
osv 1
nmap 1
thn 1
openvas
openvas
Mandriva Update for pango MDVSA-2011:040 (pango)
2011-03-07 00:00:00
Debian: Security Advisory (DSA-2174-1)
2011-03-09 00:00:00
Oracle: Security Advisory (ELSA-2011-0779)
2015-10-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:56:03
nessus
nessus
RHEL 5 : avahi (RHSA-2011:0436)
2011-04-13 00:00:00
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : avahi vulnerability (USN-1084-1)
2011-03-08 00:00:00
openSUSE Security Update : avahi (openSUSE-SU-2011:0149-1)
2011-05-05 00:00:00
oraclelinux
oraclelinux
avahi security update
2011-04-12 00:00:00
avahi security and bug fix update
2011-05-28 00:00:00
debian
debian
[SECURITY] [DSA 2174-1] avahi security update
2011-02-26 15:50:04
redhat
redhat
(RHSA-2011:0436) Moderate: avahi security update
2011-04-12 00:00:00
(RHSA-2011:0779) Moderate: avahi security and bug fix update
2011-05-19 00:00:00
ubuntu
ubuntu
avahi vulnerability
2011-03-07 00:00:00
freebsd
freebsd
avahi -- denial of service
2011-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: avahi-0.6.29-1.fc15
2011-03-14 05:41:32
[SECURITY] Fedora 14 Update: avahi-0.6.27-8.fc14
2011-09-10 00:26:18
nvd
nvd
CVE-2011-0634
2011-02-22 19:00:01
CVE-2011-1002
2011-02-22 19:00:02
gentoo
gentoo
Avahi: Denial of service
2011-10-22 00:00:00
securityvulns
securityvulns
Avahi DNS server DoS
2011-02-24 00:00:00
[ MDVSA-2011:037 ] avahi
2011-02-24 00:00:00
cvelist
cvelist
CVE-2011-1002
2011-02-22 18:00:00
cve
cve
CVE-2011-0634
2011-02-22 19:00:01
CVE-2011-1002
2011-02-22 19:00:02
prion
prion
Code injection
2011-02-22 19:00:00
debiancve
debiancve
CVE-2011-1002
2011-02-22 19:00:02
ubuntucve
ubuntucve
CVE-2011-1002
2011-02-22 00:00:00
osv
osv
avahi-0.6.32-2.3 on GA media
2024-06-15 00:00:00
nmap
nmap
broadcast-avahi-dos NSE Script
2011-05-02 23:38:18
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.075

Percentile

94.1%

JSON
Related for CESA-2011:0436
openvas24veracode1nessus17oraclelinux2debian1redhat2ubuntu1freebsd1fedora2nvd2gentoo1securityvulns2cvelist1cve2prion1debiancve1ubuntucve1osv1nmap1thn1