[SECURITY] [DSA 2174-1] avahi security update

2011-02-2615:50:04

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

9.2

Confidence

High

EPSS

0.075

Percentile

94.1%

JSON

Debian Security Advisory DSA-2174-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
February 26, 2011 http://www.debian.org/security/faq

Package : avahi
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1002
Debian Bug : 614785

It was discovered that avahi, an implementation of the zeroconf protocol,
can be crashed remotely by a single UDP packet, which may result in a
denial of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.6.23-3lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 0.6.27-2+squeeze1.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 0.6.28-4.

We recommend that you upgrade your avahi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6armellibavahi-core7< 0.6.27-2+squeeze1libavahi-core7_0.6.27-2+squeeze1_armel.deb
Debian5alphaavahi-ui-utils< 0.6.23-3lenny3avahi-ui-utils_0.6.23-3lenny3_alpha.deb
Debian5amd64libavahi-core-dev< 0.6.23-3lenny3libavahi-core-dev_0.6.23-3lenny3_amd64.deb
Debian5alphalibavahi-ui-dev< 0.6.23-3lenny3libavahi-ui-dev_0.6.23-3lenny3_alpha.deb
Debian5i386libavahi-common-dev< 0.6.23-3lenny3libavahi-common-dev_0.6.23-3lenny3_i386.deb
Debian5hppalibavahi-qt4-1< 0.6.23-3lenny3libavahi-qt4-1_0.6.23-3lenny3_hppa.deb
Debian5mipslibavahi-compat-howl-dev< 0.6.23-3lenny3libavahi-compat-howl-dev_0.6.23-3lenny3_mips.deb
Debian5alphalibavahi-qt3-1< 0.6.23-3lenny3libavahi-qt3-1_0.6.23-3lenny3_alpha.deb
Debian5armlibavahi-qt4-1< 0.6.23-3lenny3libavahi-qt4-1_0.6.23-3lenny3_arm.deb
Debian5armelavahi-autoipd< 0.6.23-3lenny3avahi-autoipd_0.6.23-3lenny3_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	armel	libavahi-core7	< 0.6.27-2+squeeze1	libavahi-core7_0.6.27-2+squeeze1_armel.deb
Debian	5	alpha	avahi-ui-utils	< 0.6.23-3lenny3	avahi-ui-utils_0.6.23-3lenny3_alpha.deb
Debian	5	amd64	libavahi-core-dev	< 0.6.23-3lenny3	libavahi-core-dev_0.6.23-3lenny3_amd64.deb
Debian	5	alpha	libavahi-ui-dev	< 0.6.23-3lenny3	libavahi-ui-dev_0.6.23-3lenny3_alpha.deb
Debian	5	i386	libavahi-common-dev	< 0.6.23-3lenny3	libavahi-common-dev_0.6.23-3lenny3_i386.deb
Debian	5	hppa	libavahi-qt4-1	< 0.6.23-3lenny3	libavahi-qt4-1_0.6.23-3lenny3_hppa.deb
Debian	5	mips	libavahi-compat-howl-dev	< 0.6.23-3lenny3	libavahi-compat-howl-dev_0.6.23-3lenny3_mips.deb
Debian	5	alpha	libavahi-qt3-1	< 0.6.23-3lenny3	libavahi-qt3-1_0.6.23-3lenny3_alpha.deb
Debian	5	arm	libavahi-qt4-1	< 0.6.23-3lenny3	libavahi-qt4-1_0.6.23-3lenny3_arm.deb
Debian	5	armel	avahi-autoipd	< 0.6.23-3lenny3	avahi-autoipd_0.6.23-3lenny3_armel.deb