[Pkg-utopia-maintainers] avahi stable update for CVE-2009-0758

Nico Golde nion at debian.org
Sun Apr 26 13:40:50 UTC 2009


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for avahi some time ago.

CVE-2009-0758[0]:
| The originates_from_local_legacy_unicast_socket function in
| avahi-core/server.c in avahi-daemon 0.6.23 does not account for the
| network byte order of a port number when processing incoming multicast
| packets, which allows remote attackers to cause a denial of service
| (network bandwidth and CPU consumption) via a crafted legacy unicast
| mDNS query packet that triggers a multicast packet storm.

Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable. It does
not warrant a DSA.

This is Debian bug #517683.

However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.

This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0758
[1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20090426/bf44d998/attachment.pgp>


More information about the Pkg-utopia-maintainers mailing list