From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2086-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : avahi
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0758 CVE-2010-2244

Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD
daemon. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-0758

Rob Leslie discovered a denial of service vulnerability in the
code used to reflect unicast mDNS traffic.

CVE-2010-2244

Ludwig Nussel discovered a denial of service vulnerability in
the processing of malformed DNS packets.

For the stable distribution (lenny), this problem has been fixed in
version 0.6.23-3lenny2.

For the unstable distribution (sid), these problems have been fixed in
version 0.6.26-1.

We recommend that you upgrade your Avahi packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.23.orig.tar.gz
Size/MD5 checksum: 1104410 aab1a304851d8145ea5f6a85c10af9e9
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.23-3lenny2.diff.gz
Size/MD5 checksum: 30974 f61a700480e9a26d91076923a5f07e4d
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.23-3lenny2.dsc
Size/MD5 checksum: 2319 e0e18cae129c74514565cd120b15acb2

Architecture independent packages:

http://security.debian.org/pool/updates/main/a/avahi/python-avahi_0.6.23-3lenny2_all.deb
Size/MD5 checksum: 29456 b94b301976fa60d9b602f7a966500a9f
http://security.debian.org/pool/updates/main/a/avahi/avahi-discover_0.6.23-3lenny2_all.deb
Size/MD5 checksum: 36672 dc16c7988c893da9213b9ebb62ead46e

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 35324 e16e057a8c198560d1afbf16425a7b0e
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 89922 c8f116727b706a4048f253ff8d791f33
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 44908 3f331f1f9ebbf3a7c1da2c89e235fc0f
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 201096 eb5b6738fa319bfdb74a0f503e73f796
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 71408 b2dbc376d1479d774764adab430fc2c5
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 49934 2433df969a6fab9fd24107baf8f82135
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 78288 9389d8cb4787ddc03b84b0a55be4625a
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 39082 d1876ded6eec7250cfc2bc5318ba377d
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 53036 961fa9f3a1042f5d56cd456ad62fa7d4
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 58068 647aeb444433b11c28e1c5dbefd2d538
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 32326 d21a20c31bfa23f68e36ab25c7290efc
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 118384 43ba606a86d307659e2c251c3fba2938
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 47008 c403266b42dd288111313d7c8b5c7d76
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 34278 45864830230e0b9ef9e702fcf5e4404b
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 686554 57f463151e13887c421151f2e4b2609c
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 36842 14c4a1f37301287cb1411d237571e1f9
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 66672 130f052d086d322fad1711f9fefe3ac6
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 50140 5c56cf826e1e8e68cadaa21348f76959
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 49160 38cb361f83981cc967c35e8f222e7b5d
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 53306 21efdaa7fcb87af43f931a1892edd659
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_alpha.deb
Size/MD5 checksum: 32380 ea0b7ebe07a9f4c71f2092b93e296b50

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)