Please Install the Updated Packages.

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially-crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially-crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.

avahi on CentOS 5

• http://lists.centos.org/pipermail/centos-announce/2010-July/016778.html

---

Updated on 2015-03-25