Scientific Linux Security Update : avahi on SL5.x i386/x86_64
High Nessus Plugin ID 60814
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets.
A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default.
After installing the update, avahi-daemon will be restarted automatically.
SolutionUpdate the affected packages.