-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:215 http://www.mandriva.com/security/ _______________________________________________________________________ Package : avahi Date : November 20, 2006 Affected: 2007.0 _______________________________________________________________________ Problem Description: Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service. Packages have been patched to correct this issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5461 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 8b8082eb0c550bfa56e1ab6df6c26224 2007.0/i586/avahi-0.6.13-4.1mdv2007.0.i586.rpm 54b76c1c12ed46b8e5983e1f71eb9b06 2007.0/i586/avahi-dnsconfd-0.6.13-4.1mdv2007.0.i586.rpm 8284c933fed872b3e3f5817645c0ef92 2007.0/i586/avahi-python-0.6.13-4.1mdv2007.0.i586.rpm dbb80e6511092bb8f1c6d0d6a06c6abf 2007.0/i586/avahi-sharp-0.6.13-4.1mdv2007.0.i586.rpm d7b2c63469f8d7e02bd7a2b54e116bbe 2007.0/i586/avahi-x11-0.6.13-4.1mdv2007.0.i586.rpm f7fa07cccd9dd0830250db788a2a1b81 2007.0/i586/libavahi-client3-0.6.13-4.1mdv2007.0.i586.rpm eecd18f14552d70f1b18249fe7b1195f 2007.0/i586/libavahi-client3-devel-0.6.13-4.1mdv2007.0.i586.rpm 4bc4663193c8761ffad6fe5e22ef541e 2007.0/i586/libavahi-common3-0.6.13-4.1mdv2007.0.i586.rpm ebdba95e5e7e8c5a681fc56165ada153 2007.0/i586/libavahi-common3-devel-0.6.13-4.1mdv2007.0.i586.rpm 950af5ad6ac377561ab7179e99aefb55 2007.0/i586/libavahi-compat-howl0-0.6.13-4.1mdv2007.0.i586.rpm cb102e130142c9838f071136a5b3ec57 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.i586.rpm 1b7ef31a64921cb0562c757a9d0528bd 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.i586.rpm bd9acd313bac2d123926d14aa7db2fb4 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.i586.rpm 14369ebc6ae7a7d0b1b52b4996b3ae0c 2007.0/i586/libavahi-core4-0.6.13-4.1mdv2007.0.i586.rpm e4e8f50ba75b30f9ff631c3aeefc18af 2007.0/i586/libavahi-core4-devel-0.6.13-4.1mdv2007.0.i586.rpm 13e2a3acd9536e836c3b446af59adeff 2007.0/i586/libavahi-glib1-0.6.13-4.1mdv2007.0.i586.rpm cfe0b49f30234f8be62b0f3914979523 2007.0/i586/libavahi-glib1-devel-0.6.13-4.1mdv2007.0.i586.rpm 6c9058272513502a4d5980b63a19b530 2007.0/i586/libavahi-qt3_1-0.6.13-4.1mdv2007.0.i586.rpm d846e199c543903d0ce9eeed2c2e9445 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.1mdv2007.0.i586.rpm 315e4463187ffc1d5492445af479615d 2007.0/i586/libavahi-qt4_1-0.6.13-4.1mdv2007.0.i586.rpm 606d90de97300ce0a8c648f1ec305ada 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.1mdv2007.0.i586.rpm 65a7cba76e2824cbab5797b38ed8ccc1 2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 9b25dad2dbf79d86c8c9c727f61e0a03 2007.0/x86_64/avahi-0.6.13-4.1mdv2007.0.x86_64.rpm d7a8aabf6ab859767041c9abe20d51cd 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.1mdv2007.0.x86_64.rpm 0117840569b82bddc137b8e78ea5f08b 2007.0/x86_64/avahi-python-0.6.13-4.1mdv2007.0.x86_64.rpm e9332cffa74eb39a50488471d6ffa193 2007.0/x86_64/avahi-sharp-0.6.13-4.1mdv2007.0.x86_64.rpm 9a84e81be93c4f5609e3fafaf4f0309b 2007.0/x86_64/avahi-x11-0.6.13-4.1mdv2007.0.x86_64.rpm 7f9549b1457023b2b9fe4c2f9c8d2b53 2007.0/x86_64/lib64avahi-client3-0.6.13-4.1mdv2007.0.x86_64.rpm 299db6bd0cf61a35cea1c3753a191694 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 3edcf95944dac478d0bc3c804acf833d 2007.0/x86_64/lib64avahi-common3-0.6.13-4.1mdv2007.0.x86_64.rpm b04bb0a5da39a6eee3b23b96374c1b19 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 6fc42297b5fa1253b718a81cbb1d4fd2 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.1mdv2007.0.x86_64.rpm 126c86c305e1e8acf3c6f93a078bf868 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.1mdv2007.0.x86_64.rpm f5dbb9e0fa82ba39c19c1797391aa5d3 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.1mdv2007.0.x86_64.rpm f579c55f1f3c6984a54cae5917156ae6 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm cdf62c1243fe9018809d7135968f12e1 2007.0/x86_64/lib64avahi-core4-0.6.13-4.1mdv2007.0.x86_64.rpm 6bee1aa33a4f7dfd58db568c29936482 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 750eef176729afa38c61b5688047cb5e 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.1mdv2007.0.x86_64.rpm 83cd5fc0401ae0dc0b39f0e905938889 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 53341592e5ab2b187367e1c673030a60 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.1mdv2007.0.x86_64.rpm 3b001c78e6e8a5e8caf4b8edb9382a33 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 92e05b16be7967c540d54cb19770a692 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.1mdv2007.0.x86_64.rpm dc322609350d49ee527b3e59679b2b79 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.1mdv2007.0.x86_64.rpm 65a7cba76e2824cbab5797b38ed8ccc1 2007.0/SRPMS/avahi-0.6.13-4.1mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFYfLXmqjQ0CJFipgRAnyUAKC7GK9iIC+EPXXGmBjaUDGDZbhEOQCcCmTQ 3KvNIOuCeXVz6wN6shJ/0r0= =/63F -----END PGP SIGNATURE-----
