Otkriven sigurnosni nedostatak paketa avahi

U programskom paketu avahi otkriven je sigurnosni nedostatak. Spomenuti paket implementira DNS Service Discovery i Multicast DNS specifikaciju. Nedostatak je otkriven u datoteci "avahi-core/socket.c" gdje dolazi do neispravnog rukovanja praznim mDNS (eng. multicast DNS) paketima. Slanjem praznog mDNS UDP paketa na priključnicu 5353, udaljeni napadač može izvesti napad uskraćivanjem usluga (DoS napad). Kako bi otklonili opisani nedostatak, korisnicima se savjetuje korištenje službene programske zakrpe.

CentOS Errata and Security Advisory 2011:0436 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0436.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
eaa18c4146ee6a0d6bb4bf9760a9b2b5  avahi-0.6.16-10.el5_6.i386.rpm
1f27d25834e49ff5522a5db706ea4f0b  avahi-0.6.16-10.el5_6.x86_64.rpm
1152f1c6486558195ce0c87a587b73b9  avahi-compat-howl-0.6.16-10.el5_6.i386.rpm
3d7aeb3165bd1e0b47f31eca60e6fd72  avahi-compat-howl-0.6.16-10.el5_6.x86_64.rpm
2825563911db9a9a0c1243187e9ee7fe 
avahi-compat-howl-devel-0.6.16-10.el5_6.i386.rpm
c0aaee2d5341e83674af871d45c5458c 
avahi-compat-howl-devel-0.6.16-10.el5_6.x86_64.rpm
70b5241146e6a64be79f136b1f646a31 
avahi-compat-libdns_sd-0.6.16-10.el5_6.i386.rpm
97c44bf55e2324cf4b090e99f4da78a5 
avahi-compat-libdns_sd-0.6.16-10.el5_6.x86_64.rpm
222475175d0b6934075daccf1ece1f13 
avahi-compat-libdns_sd-devel-0.6.16-10.el5_6.i386.rpm
8f94a996e6462eeaf435a1277a9fdd57 
avahi-compat-libdns_sd-devel-0.6.16-10.el5_6.x86_64.rpm
f81d1532f3419bd9a670bb0049fa40e5  avahi-devel-0.6.16-10.el5_6.i386.rpm
c6c53189f0d38ae178987dfac7db3e22  avahi-devel-0.6.16-10.el5_6.x86_64.rpm
3bd2eaf701c83c9de46edafc8df5d469  avahi-glib-0.6.16-10.el5_6.i386.rpm
062cf9578143716dd575461963276b01  avahi-glib-0.6.16-10.el5_6.x86_64.rpm
6b3588a83cc45ca9f9748e5a8963411a  avahi-glib-devel-0.6.16-10.el5_6.i386.rpm
756ce09ab9567af28c72d63eedd8226b  avahi-glib-devel-0.6.16-10.el5_6.x86_64.rpm
0aee641747fd96429bbe2895e324a613  avahi-qt3-0.6.16-10.el5_6.i386.rpm
f0e8fb145a49028c48f3c1ffb309930d  avahi-qt3-0.6.16-10.el5_6.x86_64.rpm
f34fd7a5a19192e1903486286b400b23  avahi-qt3-devel-0.6.16-10.el5_6.i386.rpm
fd0e17785a9adb797d8e26fd4f71d5f4  avahi-qt3-devel-0.6.16-10.el5_6.x86_64.rpm
8b1cb60df6abe8308ce57dd614517169  avahi-tools-0.6.16-10.el5_6.x86_64.rpm

Source:
48f3e80dc181d8d70aa485051018f9ba  avahi-0.6.16-10.el5_6.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce

Otkriven sigurnosni nedostatak paketa avahi

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti