Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 182918 - net-dns/avahi Local DoS (CVE-2007-3372)
Summary: net-dns/avahi Local DoS (CVE-2007-3372)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://avahi.org/milestone/Avahi%200....
Whiteboard: B3? [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-22 17:55 UTC by Sven Wegener
Modified: 2007-08-25 22:11 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Wegener gentoo-dev 2007-06-22 17:55:33 UTC
From the ChangeLog:

Fix a local DoS vulnerability, where an assert() could be hit by passing empty TXT data over D-Bus to the Avahi daemon. (Low Risk)

I'm about to bump the package.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-23 21:33:23 UTC
Arches please test and mark stable. Target keywords are:

avahi-0.6.20.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 ~x86-fbsd"
Comment 2 Rémi Cardona (RETIRED) gentoo-dev 2007-06-23 23:13:09 UTC
Broken ATM, please don't stable yet
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-24 10:40:40 UTC
Let me know when a fixed version is ready for stable marking.
Comment 4 Sven Wegener gentoo-dev 2007-06-27 21:17:07 UTC
I added the patch to net-dns/avahi-0.6.19-r1.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-28 04:43:58 UTC
We now have a fixed version not blocked by bug #182999.

Arches please test and mark stable. Target keywords are:

avahi-0.6.19-r1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2007-06-28 08:09:17 UTC
ppc64 stable
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-06-28 13:30:15 UTC
sparc stable.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-06-28 16:36:49 UTC
alpha/ia64/x86 stable
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-06-28 18:41:55 UTC
ppc stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2007-07-02 15:36:50 UTC
Stable for HPPA.
Comment 11 Steve Dibb (RETIRED) gentoo-dev 2007-07-07 04:06:55 UTC
amd64 stable
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-14 21:50:41 UTC
This one is ready for glsa decision. It seems that this DoS can only be triggered locally, so I vote NO.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 07:32:28 UTC
Voting NO and closing.