221440 – (CVE-2006-6870) CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon

Bug 221440 (CVE-2006-6870) - CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon

Summary: CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2006-6870
Product:	Fedora
Classification:	Fedora
Component:	avahi
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Martin Bacovsky
QA Contact:
Docs Contact:
URL:	http://avahi.org/ticket/84
Whiteboard:	source=gentoo,impact=important,public...
Depends On:	221439
Blocks:	221726
TreeView+	depends on / blocked

Reported:	2007-01-04 17:41 UTC by Lubomir Kundrak
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:	avahi-0.6.16-1.fc6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-01-07 17:22:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Lubomir Kundrak 2007-01-04 17:41:38 UTC

+++ This bug was initially created as a clone of Bug #221439 +++

Description of problem:

Malformed compressed packed can trigger an endless loop
consuming 100% of cpu time upon its reception.

Version-Release number of selected component (if applicable):

FC5 (0.6.11), FC6 (0.6.15), RHEL5 (0.6.15)

Steps to Reproduce:

No reproducer available.

-- Additional comment from lkundrak on 2007-01-04 12:39 EST --
Created an attachment (id=144823)
Upstram patch for avahi Ticket #84 bug

Comment 1 Martin Bacovsky 2007-01-07 17:22:40 UTC

This bug should be fixed in avahi 0.6.16.

Comment 2 Kevin Kofler 2007-01-15 09:47:13 UTC

But the latest avahi in FC6 is still avahi-0.6.15-1.fc6.

Comment 3 Martin Bacovsky 2007-01-15 12:41:40 UTC

Avahi 0.6.16 was in testing. Today it was pushed to Final.

Note You need to log in before you can comment on or make changes to this bug.