CVE-2011-1002

Name of the Vulnerable Software and Affected Versions avahi versions prior to 0.6.29 avahi-glib versions 0.6.16 avahi-glib-devel versions 0.6.16 avahi-compat-howl versions 0.6.16 avahi-compat-howl-devel versions 0.6.16 avahi-qt3 versions 0.6.16 avahi-qt3-devel versions 0.6.16 avahi-devel versions 0.6.16 avahi-tools versions 0.6.16 avahi-compat-libdns sd versions 0.6.16 avahi-compat-libdns sd-devel versions 0.6.16

Description The issue allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. This can lead to disruption of protected information availability. The vulnerability can be exploited remotely.

Recommendations For avahi versions prior to 0.6.29, update to version 0.6.29 or later. For avahi-glib versions 0.6.16, update to a version later than 0.6.16. For avahi-glib-devel versions 0.6.16, update to a version later than 0.6.16. For avahi-compat-howl versions 0.6.16, update to a version later than 0.6.16. For avahi-compat-howl-devel versions 0.6.16, update to a version later than 0.6.16. For avahi-qt3 versions 0.6.16, update to a version later than 0.6.16. For avahi-qt3-devel versions 0.6.16, update to a version later than 0.6.16. For avahi-devel versions 0.6.16, update to a version later than 0.6.16. For avahi-tools versions 0.6.16, update to a version later than 0.6.16. For avahi-compat-libdns sd versions 0.6.16, update to a version later than 0.6.16. For avahi-compat-libdns sd-devel versions 0.6.16, update to a version later than 0.6.16.