[Pkg-utopia-maintainers] Bug#614785: Bug#614785: Bug#614785: Bug#614785: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

[Michael Biebl]

Am 23.02.2011 14:56, schrieb Michael Biebl:
> Am 23.02.2011 14:23, schrieb Alexander Kurtz:
>> Am Mittwoch, den 23.02.2011, 13:58 +0100 schrieb Michael Biebl:
>>> I was able to reproduce this problem on a squeeze system, but not on unstable.
>>>
>>> Can you confirm that?
>>
>> Negative, I tried upgrading avahi-daemon and libavahi-* to the sid
>> versions (0.6.28-3) but the problem is still there.
>>
>> However, I haven't tried a complete upgrade to sid, so the problem may
>> very well be in some third-party package which is fixed in sid.
> 
> As it turns out, this issue is already known:
> 
> http://avahi.org/ticket/325
> https://bugzilla.redhat.com/show_bug.cgi?id=607297
> https://bugzilla.redhat.com/show_bug.cgi?id=667187
> CVE-2011-1002
> 
> The fix is available at
> http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6
> 
> I could successfully verify that this patch fixes the problem I could reproduce.

A fixed package has been uploaded to unstable and stable-security (squeeze).

Thanks for the bug report.

Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20110223/405ab086/attachment.pgp>