Bug 221726

Summary: CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon
Product: [Fedora] Fedora Reporter: Martin Bacovsky <mbacovsk>
Component: avahiAssignee: Martin Bacovsky <mbacovsk>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://avahi.org/ticket/84
Whiteboard: source=gentoo,impact=important,public=20070103,reported=20070104
Fixed In Version: avahi-0.6.11-3.fc5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-01-07 00:29:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 221440    
Bug Blocks:    

Description Martin Bacovsky 2007-01-06 22:13:12 UTC 
+++ This bug was initially created as a clone of Bug #221440 +++

+++ This bug was initially created as a clone of Bug #221439 +++

Description of problem:

Malformed compressed packed can trigger an endless loop
consuming 100% of cpu time upon its reception.

Version-Release number of selected component (if applicable):

FC5 (0.6.11), FC6 (0.6.15), RHEL5 (0.6.15)

Steps to Reproduce:

No reproducer available.

-- Additional comment from lkundrak on 2007-01-04 12:39 EST --
Created an attachment (id=144823)
Upstram patch for avahi Ticket #84 bug
Comment 1 Martin Bacovsky 2007-01-07 00:29:14 UTC 
Patch resolving this bug was applied in avahi-0.6.11-3.fc5.