[avahi] [ANNOUNCE] Avahi 0.6.10
Lennart Poettering
lennart at poettering.net
Fri May 5 11:09:37 PDT 2006
Avahi 0.6.10
============
This is mostly a bugfix release. Two of the bugs fixed are security
sensitive: a remote denial-of-service vulnerability and a buffer
overflow that can allow local users to become the 'avahi' user. We do
not consider either of them major security threats.

The DoS vulnerability can be exploited from a local network only. It
is not worth much, though, since mDNS can easily be flooded with
nonsense anyway. It is easy to kick remote mDNS/DNS-SD services by
provoking a name conflict in perfect accordance with the specs.

The buffer overflow is hard to exploit remotely; only local users can
become the 'avahi' user. In addition, the user is trapped inside a
chroot() environment (at least on Linux).

Anyhow, our security assessments are possibly as buggy as our
code. Hence:

*** PLEASE UPDATE YOUR INSTALLATION ASAP! ***

Changes:

* Fix a buffer overflow in avahi-core
* Refuse to process invalid UTF8 data
* Automatically reconnect to the DBUS if we're kicked. (Works only if
  chroot() is disabled)
* Don't hit an assert() in the client libs when the Avahi daemon is
  terminated
* Enumerate all service types in the database in the Service
  Discovery Applet for Gnome
* Improve the Bonjour compatibility layer to make it survive
  GnomeMeeting's broken usage
* Deal properly with local non-ASCII hostnames
* AMD64 and FreeBSD portability fixes
* Filter double DNS server entries in avahi-dnsconfd
* Fix a locking bug in avahi-sharp's EntryGroup.AddService()
* Ported to Solaris (incomplete)
* Add _airport._tcp to our service type database

This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2,
0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8 and 0.6.9.

http://www.avahi.org/
http://www.avahi.org/download/avahi-0.6.10.tar.gz

Lennart
--
Lennart Poettering; lennart [at] poettering [dot] net
ICQ# 11060553; GPG 0x1A015CC4; http://0pointer.net/lennart/