X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=docs%2FNEWS;h=5effdcc2d099cc57538318c77c99e949929e9ad3;hb=331616bd807e632bec117e78f257e8ec99ef0ba5;hp=d140050f3129ddebdda2cee669cf8d340a1875cd;hpb=aa1b7e495714122e055ad58e8d34a804d5c9c147;p=catta diff --git a/docs/NEWS b/docs/NEWS index d140050..5effdcc 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,3 +1,46 @@ +Avahi 0.6.10 +============ + +This is mostly a bugfix release. Two of the bugs fixed are security +sensitive: a remote denial-of-service vulnerability and a buffer +overflow that can allow local users to become the 'avahi' user. We do +not consider either of them major security threats. + +The DoS vulnerability can be exploited from a local network only. It +is not worth much, though, since mDNS can easily be flooded with +nonsense anyway. It is easy to kick remote mDNS/DNS-SD services by +provoking a name conflict in perfect accordance with the specs. + +The buffer overflow is hard to exploit remotely, only local users can +become the 'avahi' user. In addition the user is trapped inside a +chroot() environment (at least on Linux). + +Anyhow, our security assessments are possibly as buggy as our +code. Hence: + + *** PLEASE UPDATE YOUR INSTALLATION ASAP! *** + +Changes: + * Fix a buffer overflow in avahi-core + * Refuse to process invalid UTF8 data + * Automatically reconnect to the DBUS if we're kicked. (Works only if + chroot() is disabled) + * Don't hit an assert() in the client libs when the Avahi daemon is + terminated + * Enumerate all service types in the database in the Service + Discovery Applet for Gnome + * Improve the Bonjour compatibility layer to make it survive + GnomeMeeting's broken usage + * Deal properly with local non-ASCII hostnames + * AMD64 and FreeBSD portability fixes + * Filter double DNS server entries in avahi-dnsconfd + * Fix a locking bug in avahi-sharp's EntryGroup.AddService() + * Ported to Solaris (incomplete) + * Add _airport._tcp to our service type database + +This release is backwards compatible with Avahi 0.6, 0.6.1, 0.6.2, +0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8 and 0.6.9. + Avahi 0.6.9 ===========