From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1690-1 [email protected] http://www.debian.org/security/ Florian Weimer December 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : avahi
Vulnerability : assert errors
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-3372 CVE-2008-5081
Debian Bug : 508700

Two denial of service conditions were discovered in avahi, a Multicast
DNS implementation.

Huge Dias discovered that the avahi daemon aborts with an assert error
if it encounters a UDP packet with source port 0 (CVE-2008-5081).

It was discovered that the avahi daemon aborts with an assert error if
it receives an empty TXT record over D-Bus (CVE-2007-3372).

For the stable distribution (etch), these problems have been fixed in
version 0.6.16-3etch2.

For the unstable distribution (sid), these problems have been fixed in
version 0.6.23-3.

We recommend that you upgrade your avahi packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.16-3etch2.dsc
Size/MD5 checksum: 1570 8ebff455c9264d5dbee95ab9577378e5
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.16.orig.tar.gz
Size/MD5 checksum: 891970 3cbc460bbd55bae35f7b57443c063640
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.16-3etch2.diff.gz
Size/MD5 checksum: 19735 a44b3f5fec53e6316da43c6a3b442e8c

Architecture independent packages:

http://security.debian.org/pool/updates/main/a/avahi/avahi-discover_0.6.16-3etch2_all.deb
Size/MD5 checksum: 25370 340795bc9ca2e64e801fddaac6d7a8bf
http://security.debian.org/pool/updates/main/a/avahi/python-avahi_0.6.16-3etch2_all.deb
Size/MD5 checksum: 25652 d6cf860ba2a5f8a098976473782c2a83

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 106662 3fbdf722dfb11e2c4a1b17cefb7ea6b8
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 40364 f4b2ea3da302452e2a9cbd4379daa26c
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 23236 b05daf8a7a7b981dac5be1dd7e252913
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 27876 2056bc73e28aef4de30a9fa6f3bd6281
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 26886 1163c86061b5a4eec1eec373d35992ea
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 69410 bd94273184beb53cafb16fabfe8df360
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 59406 2590be33f54a8cb30734813b32187b60
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 32158 adbfd269dbc193711191cfc263732116
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 24982 6ef2e7c31116934bd7799239ea834662
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 39680 68b046de883b7e4a6b3251b9b0806a54
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 190518 e82fd413940e3c5b4df71504295912d3
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 80352 cb5ab982034883bd47faa500fc7f8aa6
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 25702 019fbb7d0668482101bcbdb54e3a49b7
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 29382 785a026351cc4ed289d6abb939eaafaa
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 45044 aca2b939624cbf22b2562fae405a6996
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 64010 d0cf4e59a93ccc42d7ed4f3877e4dc14
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 34164 ecc7e8f47701a32382703785fe5f9491
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 27868 04564fbd11c4150d2e1b6cb0fbc22cea
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 65540 ec965810133a4ab5546702af49d3f678
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 44190 fd1f6ea45614a3d5922507c66d9b8898
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_alpha.deb
Size/MD5 checksum: 41910 3232185589d641841f471581bc7efbb7

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_amd64.deb
Size/MD5 checksum: 25402 513e95ad6c2fb87c8316de0f21a958c0
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_amd64.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)