Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:204 (avahi)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68338

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:204 (avahi)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to avahi
announced via advisory MDVSA-2010:204.

A vulnerability was discovered and corrected in avahi:

The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon
in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial
of service (assertion failure and daemon exit) via a DNS packet with
an invalid checksum followed by a DNS packet with a valid checksum,
a different vulnerability than CVE-2008-5081 (CVE-2010-2244).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:204

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5081
BugTraq ID: 32825
http://www.securityfocus.com/bid/32825
Debian Security Information: DSA-1690 (Google Search)
http://www.debian.org/security/2008/dsa-1690
https://www.exploit-db.com/exploits/7520
http://security.gentoo.org/glsa/glsa-200901-11.xml
http://www.openwall.com/lists/oss-security/2008/12/14/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9987
http://secunia.com/advisories/33153
http://secunia.com/advisories/33220
http://secunia.com/advisories/33279
http://secunia.com/advisories/33475
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.ubuntu.com/usn/usn-696-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-2244
Debian Security Information: DSA-2086 (Google Search)
http://www.debian.org/security/2010/dsa-2086
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
http://www.openwall.com/lists/oss-security/2010/06/23/4
http://marc.info/?l=oss-security&m=127748459505200&w=2
http://www.securitytracker.com/id?1024200

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68338
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:204 (avahi)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to avahi announced via advisory MDVSA-2010:204. A vulnerability was discovered and corrected in avahi: The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081 (CVE-2010-2244). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:204 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5081 BugTraq ID: 32825 http://www.securityfocus.com/bid/32825 Debian Security Information: DSA-1690 (Google Search) http://www.debian.org/security/2008/dsa-1690 https://www.exploit-db.com/exploits/7520 http://security.gentoo.org/glsa/glsa-200901-11.xml http://www.openwall.com/lists/oss-security/2008/12/14/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9987 http://secunia.com/advisories/33153 http://secunia.com/advisories/33220 http://secunia.com/advisories/33279 http://secunia.com/advisories/33475 SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.ubuntu.com/usn/usn-696-1 Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 Debian Security Information: DSA-2086 (Google Search) http://www.debian.org/security/2010/dsa-2086 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 http://www.openwall.com/lists/oss-security/2010/06/23/4 http://marc.info/?l=oss-security&m=127748459505200&w=2 http://www.securitytracker.com/id?1024200
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com