Bug 221440 - (CVE-2006-6870) CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon
CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: avahi (Show other bugs)
6
All Linux
high Severity high
: ---
: ---
Assigned To: Martin Bacovsky
http://avahi.org/ticket/84
source=gentoo,impact=important,public...
: Security
Depends On: 221439
Blocks: 221726
  Show dependency treegraph
 
Reported: 2007-01-04 12:41 EST by Lubomir Kundrak
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: avahi-0.6.16-1.fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-07 12:22:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2007-01-04 12:41:38 EST
+++ This bug was initially created as a clone of Bug #221439 +++

Description of problem:

Malformed compressed packed can trigger an endless loop
consuming 100% of cpu time upon its reception.

Version-Release number of selected component (if applicable):

FC5 (0.6.11), FC6 (0.6.15), RHEL5 (0.6.15)

Steps to Reproduce:

No reproducer available.

-- Additional comment from lkundrak@redhat.com on 2007-01-04 12:39 EST --
Created an attachment (id=144823)
Upstram patch for avahi Ticket #84 bug
Comment 1 Martin Bacovsky 2007-01-07 12:22:40 EST
This bug should be fixed in avahi 0.6.16. 
Comment 2 Kevin Kofler 2007-01-15 04:47:13 EST
But the latest avahi in FC6 is still avahi-0.6.15-1.fc6.
Comment 3 Martin Bacovsky 2007-01-15 07:41:40 EST
Avahi 0.6.16 was in testing. Today it was pushed to Final.

Note You need to log in before you can comment on or make changes to this bug.