USN-1084-1: avahi vulnerability

7 March 2011

avahi vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Summary

An attacker could send crafted input to Avahi and cause it to hang.

Software Description

  • avahi - Avahi IPv4LL network address configuration daemon

Details

It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
libavahi-core7 - 0.6.27-2ubuntu3.1
Ubuntu 10.04 LTS
libavahi-core6 - 0.6.25-1ubuntu6.2
Ubuntu 9.10
libavahi-core6 - 0.6.25-1ubuntu5.3
Ubuntu 8.04 LTS
libavahi-core5 - 0.6.22-2ubuntu4.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References