CESA-2009:0013 -- centos 5 i386 avahiID: oval:org.secpod.oval:def:202118 | Date: (C)2012-01-31 (M)2022-10-10 |
Class: PATCH | Family: unix |
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, see printers to print to, and find shared files on other computers. Hugo Dias discovered a denial of service flaw in avahi-daemon. A remote attacker on the same local area network could send a specially-crafted mDNS packet that would cause avahi-daemon to exit unexpectedly due to a failed assertion check. All users are advised to upgrade to these updated packages, which contain a backported patch which resolves this issue. After installing the update, avahi-daemon will be restarted automatically.