
Bug 182918

Summary: net-dns/avahi Local DoS (CVE-2007-3372)
Product: Gentoo Security Reporter: Sven Wegener <swegener>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://avahi.org/milestone/Avahi%200.6.20
Whiteboard: B3? [noglsa] jaervosz
Package list:
Runtime testing required: ---

Description Sven Wegener gentoo-dev 2007-06-22 17:55:33 UTC
From the ChangeLog:

Fix a local DoS vulnerability, where an assert() could be hit by passing empty TXT data over D-Bus to the Avahi daemon. (Low Risk)

I'm about to bump the package.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-23 21:33:23 UTC
Arches please test and mark stable. Target keywords are:

avahi-0.6.20.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 ~x86-fbsd"
Comment 2 Rémi Cardona (RETIRED) gentoo-dev 2007-06-23 23:13:09 UTC
Broken ATM, please don't stable yet
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-24 10:40:40 UTC
Let me know when a fixed version is ready for stable marking.
Comment 4 Sven Wegener gentoo-dev 2007-06-27 21:17:07 UTC
I added the patch to net-dns/avahi-0.6.19-r1.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-28 04:43:58 UTC
We now have a fixed version not blocked by bug #182999.

Arches please test and mark stable. Target keywords are:

avahi-0.6.19-r1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2007-06-28 08:09:17 UTC
ppc64 stable
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-06-28 13:30:15 UTC
sparc stable.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-06-28 16:36:49 UTC
alpha/ia64/x86 stable
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-06-28 18:41:55 UTC
ppc stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2007-07-02 15:36:50 UTC
Stable for HPPA.
Comment 11 Steve Dibb (RETIRED) gentoo-dev 2007-07-07 04:06:55 UTC
amd64 stable
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-14 21:50:41 UTC
This one is ready for glsa decision. It seems that this DoS can only be triggered locally, so I vote NO.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 07:32:28 UTC
Voting NO and closing.