[SECURITY] Fedora 10 Update: avahi-0.6.22-12.fc10

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 7 09:33:13 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-11351
2008-12-17 03:33:20
--------------------------------------------------------------------------------

Name        : avahi
Product     : Fedora 10
Version     : 0.6.22
Release     : 12.fc10
URL         : http://avahi.org
Summary     : Local network service discovery
Description :
Avahi is a system which facilitates service discovery on
a local network -- this means that you can plug your laptop or
computer into a network and instantly be able to view other people who
you can chat with, find printers to print to or find files being
shared. This kind of technology is already found in MacOS X (branded
'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very
convenient.

--------------------------------------------------------------------------------
Update Information:

This version includes five patches backported from the recently released 0.6.24:
- A trivial security fix for CVE-2008-5081, rhbz 475964.    - A trivial fix for
the threaded event loop, avahi bts #251    - A trivial fix unbreaking the
--force-bind logic of avahi-autoipd, avahi bts #209    - A trivial fix to make
sure we never end up with an invalid IP address in avahi-autoipd, avahi bts #231
- A trivial change to include the host name of the sender when we receive bogus
mDNS packets, rhbz #438013    All changes are "trivial", i.e. very simple in
nature.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 14 2008 Lennart Poettering <lpoetter at redhat.com> - 0.6.22-12
- Fix a couple of issues, rhbz #475394, avahi bts #209, rhbz #438013, avahi bts
    All backported from upstream 0.6.24
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #475964 - CVE-2008-5081 avahi: avahi-daemon DoS (application abort) via packet with source port 0
        https://bugzilla.redhat.com/show_bug.cgi?id=475964
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update avahi' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list