From $URL:
A null UDP packet sent to avahi on port 5353 causes an infinite loop, 100% cpu, DOS. The patch for RBz Bug 607297 is what is causing this. I have posted a description to their Bz: http://bugzilla.redhat.com/show_bug.cgi?id=667187
Changed 18 hours ago by lennart
* status changed from new to closed
* resolution set to fixed
Fixed in git.
Changed 18 hours ago by lennart
* milestone set to Avahi 0.6.29
I've committed avahi-0.6.28-r1, containing the fix from avahi git.
Sven, don't close security bugs please. We also need to stabilize the newer version. Any objections?
Sorry, I've just closed it out of habit. 0.6.28 is ready to go stable.
Arches, please test and mark stable: =net-dns/avahi-0.6.28-r1
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
pulled in: dev-libs/libdaemon-0.14-r1 @eva any objection or prefer that we open a separate bug?
from irc:
[14:00:06] <EvaSDK> ago: no objection, it should probably have gone stable long ago already :)
arches, please stable also =dev-libs/libdaemon-0.14-r1
amd64 ok
I tested on x86 =net-dns/avahi-0.6.28-r1 as well as =dev-libs/libdaemon-0.14-r1. Both look good to go here.
amd64 done
ppc/ppc64 stable
x86 done. Thanks Andreas.
Stable for HPPA.
alpha/arm/ia64/s390/sh/sparc stable
Thanks, everyone. GLSA Vote: Yes.
CVE-2011-1002 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1002): avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Vote: YES. New GLSA request filed.
This issue was resolved and addressed in GLSA 201110-17 at http://security.gentoo.org/glsa/glsa-201110-17.xml by GLSA coordinator Tobias Heinlein (keytoaster).