OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability

securitymandriva.com
Date: Mon Nov 20 2006 - 15:25:00 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory MDKSA-2006:215
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : avahi
 Date : November 20, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Steve Grubb discovered that netlink messages were not being checked for
 their sender identity. This could lead to local users manipulating the
 Avahi service.

 Packages have been patched to correct this issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5461
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 8b8082eb0c550bfa56e1ab6df6c26224 2007.0/i586/avahi-0.6.13-4.1mdv2007.0.i586.rpm
 54b76c1c12ed46b8e5983e1f71eb9b06 2007.0/i586/avahi-dnsconfd-0.6.13-4.1mdv2007.0.i586.rpm
 8284c933fed872b3e3f5817645c0ef92 2007.0/i586/avahi-python-0.6.13-4.1mdv2007.0.i586.rpm
 dbb80e6511092bb8f1c6d0d6a06c6abf 2007.0/i586/avahi-sharp-0.6.13-4.1mdv2007.0.i586.rpm
 d7b2c63469f8d7e02bd7a2b54e116bbe 2007.0/i586/avahi-x11-0.6.13-4.1mdv2007.0.i586.rpm
 f7fa07cccd9dd0830250db788a2a1b81 2007.0/i586/libavahi-client3-0.6.13-4.1mdv2007.0.i586.rpm
 eecd18f14552d70f1b18249fe7b1195f 2007.0/i586/libavahi-client3-devel-0.6.13-4.1mdv2007.0.i586.rpm
 4bc4663193c8761ffad6fe5e22ef541e 2007.0/i586/libavahi-common3-0.6.13-4.1mdv2007.0.i586.rpm
 ebdba95e5e7e8c5a681fc56165ada153 2007.0/i586/libavahi-common3-devel-0.6.13-4.1mdv2007.0.i586.rpm
 950af5ad6ac377561ab7179e99aefb55 2007.0/i586/libavahi-compat-howl0-0.6.13-4.1mdv2007.0.i586.rpm
 cb102e130142c9838f071136a5b3ec57 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.i586.rpm
 1b7ef31a64921cb0562c757a9d0528bd 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.i586.rpm
 bd9acd313bac2d123926d14aa7db2fb4 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 14369ebc6ae7a7d0b1b52b4996b3ae0c 2007.0/i586/libavahi-core4-0.6.13-4.1mdv2007.0.i586.rpm
 e4e8f50ba75b30f9ff631c3aeefc18af 2007.0/i586/libavahi-core4-devel-0.6.13-4.1mdv2007.0.i586.rpm
 13e2a3acd9536e836c3b446af59adeff 2007.0/i586/libavahi-glib1-0.6.13-4.1mdv2007.0.i586.rpm
 cfe0b49f30234f8be62b0f3914979523 2007.0/i586/libavahi-glib1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 6c9058272513502a4d5980b63a19b530 2007.0/i586/libavahi-qt3_1-0.6.13-4.1mdv2007.0.i586.rpm
 d846e199c543903d0ce9eeed2c2e9445 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 315e4463187ffc1d5492445af479615d 2007.0/i586/libavahi-qt4_1-0.6.13-4.1mdv2007.0.i586.rpm
 606d90de97300ce0a8c648f1ec305ada 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.1mdv2007.0.i586.rpm
 65a7cba76e2824cbab5797b38ed8ccc1 2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9b25dad2dbf79d86c8c9c727f61e0a03 2007.0/x86_64/avahi-0.6.13-4.1mdv2007.0.x86_64.rpm
 d7a8aabf6ab859767041c9abe20d51cd 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.1mdv2007.0.x86_64.rpm
 0117840569b82bddc137b8e78ea5f08b 2007.0/x86_64/avahi-python-0.6.13-4.1mdv2007.0.x86_64.rpm
 e9332cffa74eb39a50488471d6ffa193 2007.0/x86_64/avahi-sharp-0.6.13-4.1mdv2007.0.x86_64.rpm
 9a84e81be93c4f5609e3fafaf4f0309b 2007.0/x86_64/avahi-x11-0.6.13-4.1mdv2007.0.x86_64.rpm
 7f9549b1457023b2b9fe4c2f9c8d2b53 2007.0/x86_64/lib64avahi-client3-0.6.13-4.1mdv2007.0.x86_64.rpm
 299db6bd0cf61a35cea1c3753a191694 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 3edcf95944dac478d0bc3c804acf833d 2007.0/x86_64/lib64avahi-common3-0.6.13-4.1mdv2007.0.x86_64.rpm
 b04bb0a5da39a6eee3b23b96374c1b19 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 6fc42297b5fa1253b718a81cbb1d4fd2 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.1mdv2007.0.x86_64.rpm
 126c86c305e1e8acf3c6f93a078bf868 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 f5dbb9e0fa82ba39c19c1797391aa5d3 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.x86_64.rpm
 f579c55f1f3c6984a54cae5917156ae6 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 cdf62c1243fe9018809d7135968f12e1 2007.0/x86_64/lib64avahi-core4-0.6.13-4.1mdv2007.0.x86_64.rpm
 6bee1aa33a4f7dfd58db568c29936482 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 750eef176729afa38c61b5688047cb5e 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.1mdv2007.0.x86_64.rpm
 83cd5fc0401ae0dc0b39f0e905938889 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 53341592e5ab2b187367e1c673030a60 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.1mdv2007.0.x86_64.rpm
 3b001c78e6e8a5e8caf4b8edb9382a33 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 92e05b16be7967c540d54cb19770a692 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.1mdv2007.0.x86_64.rpm
 dc322609350d49ee527b3e59679b2b79 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm
 65a7cba76e2824cbab5797b38ed8ccc1 2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFYfLXmqjQ0CJFipgRAnyUAKC7GK9iIC+EPXXGmBjaUDGDZbhEOQCcCmTQ
3KvNIOuCeXVz6wN6shJ/0r0=
=/63F
-----END PGP SIGNATURE-----