[avahi] [ANNOUNCE] Avahi 0.6.10

Padraig O'Briain Padraig.Obriain at Sun.COM
Mon May 8 03:31:04 PDT 2006 

I am having a problem with the checking "whether to check for GCC 
pthread/shared inconsistencies" added to common/acx_pthread.m4 as -fPIC 
is not supported by my compiler.

Is there a way for me to disable these checks on Solaris?

Padraig

Lennart Poettering wrote:
> Avahi 0.6.10
> ============
>
> This is mostly a bugfix release. Two of the bugs fixed are security
> sensitive: a remote denial-of-service vulnerability and a buffer
> overflow that can allow local users to become the 'avahi' user. We do
> not consider either of them major security threats.
>
> The DoS vulnerability can be exploited from a local network only. It
> is not worth much, though, since mDNS can easily be flooded with
> nonsense anyway. It is easy to kick remote mDNS/DNS-SD services by
> provoking a name conflict in perfect accordance with the specs.
>
> The buffer overflow is hard to exploit remotely, only local users can
> become the 'avahi' user. In addition the user is trapped inside a
> chroot() environment (at least on Linux).
>
> Anyhow, our security assessments are possibly as buggy as our
> code. Hence:
>
>      *** PLEASE UPDATE YOUR INSTALLATION ASAP! ***
>
> Changes:
>  * Fix a buffer overflow in avahi-core
>  * Refuse to process invalid UTF8 data
>  * Automatically reconnect to the DBUS if we're kicked. (Works only if
>    chroot() is disabled)
>  * Don't hit an assert() in the client libs when the Avahi daemon is
>    terminated
>  * Enumerate all service types in the database in the Service
>    Discovery Applet for Gnome
>  * Improve the Bonjour compatibility layer to make it survive
>    GnomeMeeting's broken usage
>  * Deal properly with local non-ASCII hostnames
>  * AMD64 and FreeBSD portability fixes
>  * Filter double DNS server entries in avahi-dnsconfd
>  * Fix a locking bug in avahi-sharp's EntryGroup.AddService()
>  * Ported to Solaris (incomplete)
>  * Add _airport._tcp to our service type database
>
> This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2,
> 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8 and 0.6.9.
>
> http://www.avahi.org/
>
> http://www.avahi.org/download/avahi-0.6.10.tar.gz
>
> Lennart
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> avahi mailing list
> avahi at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/avahi
>

More information about the avahi mailing list