Red Hat 9042 Published by

Red Hat has released the following Security Advisories for Red Hat Enterprise Linux

- [RHSA-2010:0520-01] Important: libtiff security update
- [RHSA-2010:0521-01] Moderate: gfs-kmod security update
- [RHSA-2010:0528-01] Moderate: avahi security update



[RHSA-2010:0520-01] Important: libtiff security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: libtiff security update
Advisory ID: RHSA-2010:0520-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-07-08
CVE Names: CVE-2010-1411 CVE-2010-2598
=====================================================================

1. Summary:

Updated libtiff packages that fix two security issues are now available for
Red Hat Enterprise Linux 3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple integer overflow flaws, leading to a buffer overflow, were
discovered in libtiff. An attacker could use these flaws to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2010-1411)

An input validation flaw was discovered in libtiff. An attacker could use
this flaw to create a specially-crafted TIFF file that, when opened, would
cause an application linked against libtiff to crash. (CVE-2010-2598)

Red Hat would like to thank Apple Product Security for responsibly
reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of
digitalmunition.com for the discovery of the issue.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libtiff must be restarted for this update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
301 Moved Permanently

5. Bugs fixed (http://bugzilla.redhat.com/):

592361 - CVE-2010-1411 libtiff: integer overflows leading to heap overflow in Fax3SetupState
610786 - CVE-2010-2598 libtiff: crash when reading image with not configured compression

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm

i386:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-devel-3.5.7-34.el3.i386.rpm

ia64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.ia64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.ia64.rpm
libtiff-devel-3.5.7-34.el3.ia64.rpm

ppc:
libtiff-3.5.7-34.el3.ppc.rpm
libtiff-3.5.7-34.el3.ppc64.rpm
libtiff-debuginfo-3.5.7-34.el3.ppc.rpm
libtiff-debuginfo-3.5.7-34.el3.ppc64.rpm
libtiff-devel-3.5.7-34.el3.ppc.rpm

s390:
libtiff-3.5.7-34.el3.s390.rpm
libtiff-debuginfo-3.5.7-34.el3.s390.rpm
libtiff-devel-3.5.7-34.el3.s390.rpm

s390x:
libtiff-3.5.7-34.el3.s390.rpm
libtiff-3.5.7-34.el3.s390x.rpm
libtiff-debuginfo-3.5.7-34.el3.s390.rpm
libtiff-debuginfo-3.5.7-34.el3.s390x.rpm
libtiff-devel-3.5.7-34.el3.s390x.rpm

x86_64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm
libtiff-devel-3.5.7-34.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm

i386:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-devel-3.5.7-34.el3.i386.rpm

x86_64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm
libtiff-devel-3.5.7-34.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm

i386:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-devel-3.5.7-34.el3.i386.rpm

ia64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.ia64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.ia64.rpm
libtiff-devel-3.5.7-34.el3.ia64.rpm

x86_64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm
libtiff-devel-3.5.7-34.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm

i386:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-devel-3.5.7-34.el3.i386.rpm

ia64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.ia64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.ia64.rpm
libtiff-devel-3.5.7-34.el3.ia64.rpm

x86_64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm
libtiff-devel-3.5.7-34.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-1411
redhat.com | CVE-2010-2598
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0521-01] Moderate: gfs-kmod security update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gfs-kmod security update
Advisory ID: RHSA-2010:0521-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-07-08
CVE Names: CVE-2010-0727
=====================================================================

1. Summary:

Updated gfs-kmod packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.4 Extended Update Support, kernel release
2.6.18-164.19.1.el5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5.4.Z server) - i386, ia64, ppc, x86_64

3. Description:

The gfs-kmod packages contain modules that provide the ability to mount and
use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS file system mounted could use this flaw to cause
a kernel panic. (CVE-2010-0727)

These updated gfs-kmod packages are in sync with the latest kernel
(2.6.18-164.19.1.el5). The modules in earlier gfs-kmod packages failed to
load because they did not match the running kernel. It was possible to
force-load the modules. With this update, however, users no longer need to.

Users are advised to upgrade to these latest gfs-kmod packages, updated for
use with the 2.6.18-164.19.1.el5 kernel, which contain a backported patch
to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
301 Moved Permanently

5. Bugs fixed (http://bugzilla.redhat.com/):

570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos

6. Package List:

RHEL Cluster-Storage (v. 5.4.Z server):

Source:
gfs-kmod-0.1.34-2.el5_4.3.src.rpm

i386:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.i686.rpm
kmod-gfs-0.1.34-2.el5_4.3.i686.rpm
kmod-gfs-PAE-0.1.34-2.el5_4.3.i686.rpm
kmod-gfs-xen-0.1.34-2.el5_4.3.i686.rpm

ia64:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.ia64.rpm
kmod-gfs-0.1.34-2.el5_4.3.ia64.rpm
kmod-gfs-xen-0.1.34-2.el5_4.3.ia64.rpm

ppc:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.ppc64.rpm
kmod-gfs-0.1.34-2.el5_4.3.ppc64.rpm

x86_64:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.x86_64.rpm
kmod-gfs-0.1.34-2.el5_4.3.x86_64.rpm
kmod-gfs-xen-0.1.34-2.el5_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-0727
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0528-01] Moderate: avahi security update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: avahi security update
Advisory ID: RHSA-2010:0528-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-07-13
CVE Names: CVE-2009-0758 CVE-2010-2244
=====================================================================

1. Summary:

Updated avahi packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to exit unexpectedly via specially-crafted mDNS packets. (CVE-2010-2244)

A flaw was found in the way avahi-daemon processed incoming unicast mDNS
messages. If the mDNS reflector were enabled on a system, an attacker on
the local network could send a specially-crafted unicast mDNS message to
that system, resulting in its avahi-daemon flooding the network with a
multicast packet storm, and consuming a large amount of CPU. Note: The mDNS
reflector is disabled by default. (CVE-2009-0758)

All users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the update,
avahi-daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
301 Moved Permanently

5. Bugs fixed (http://bugzilla.redhat.com/):

488314 - CVE-2009-0758 avahi: remote DoS via legacy unicast mDNS queries
607293 - CVE-2010-2244 avahi: assertion failure after receiving a packet with corrupted checksum

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/avahi-0.6.16-9.el5_5.src.rpm

i386:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-tools-0.6.16-9.el5_5.i386.rpm

x86_64:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.x86_64.rpm
avahi-tools-0.6.16-9.el5_5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/avahi-0.6.16-9.el5_5.src.rpm

i386:
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm

x86_64:
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.x86_64.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/avahi-0.6.16-9.el5_5.src.rpm

i386:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-tools-0.6.16-9.el5_5.i386.rpm

ia64:
avahi-0.6.16-9.el5_5.ia64.rpm
avahi-compat-howl-0.6.16-9.el5_5.ia64.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.ia64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.ia64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.ia64.rpm
avahi-debuginfo-0.6.16-9.el5_5.ia64.rpm
avahi-devel-0.6.16-9.el5_5.ia64.rpm
avahi-glib-0.6.16-9.el5_5.ia64.rpm
avahi-glib-devel-0.6.16-9.el5_5.ia64.rpm
avahi-qt3-0.6.16-9.el5_5.ia64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.ia64.rpm
avahi-tools-0.6.16-9.el5_5.ia64.rpm

ppc:
avahi-0.6.16-9.el5_5.ppc.rpm
avahi-0.6.16-9.el5_5.ppc64.rpm
avahi-compat-howl-0.6.16-9.el5_5.ppc.rpm
avahi-compat-howl-0.6.16-9.el5_5.ppc64.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.ppc.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.ppc64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.ppc.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.ppc64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.ppc.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.ppc64.rpm
avahi-debuginfo-0.6.16-9.el5_5.ppc.rpm
avahi-debuginfo-0.6.16-9.el5_5.ppc64.rpm
avahi-devel-0.6.16-9.el5_5.ppc.rpm
avahi-devel-0.6.16-9.el5_5.ppc64.rpm
avahi-glib-0.6.16-9.el5_5.ppc.rpm
avahi-glib-0.6.16-9.el5_5.ppc64.rpm
avahi-glib-devel-0.6.16-9.el5_5.ppc.rpm
avahi-glib-devel-0.6.16-9.el5_5.ppc64.rpm
avahi-qt3-0.6.16-9.el5_5.ppc.rpm
avahi-qt3-0.6.16-9.el5_5.ppc64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.ppc.rpm
avahi-qt3-devel-0.6.16-9.el5_5.ppc64.rpm
avahi-tools-0.6.16-9.el5_5.ppc.rpm

s390x:
avahi-0.6.16-9.el5_5.s390.rpm
avahi-0.6.16-9.el5_5.s390x.rpm
avahi-compat-howl-0.6.16-9.el5_5.s390.rpm
avahi-compat-howl-0.6.16-9.el5_5.s390x.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.s390.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.s390x.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.s390.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.s390x.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.s390.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.s390x.rpm
avahi-debuginfo-0.6.16-9.el5_5.s390.rpm
avahi-debuginfo-0.6.16-9.el5_5.s390x.rpm
avahi-devel-0.6.16-9.el5_5.s390.rpm
avahi-devel-0.6.16-9.el5_5.s390x.rpm
avahi-glib-0.6.16-9.el5_5.s390.rpm
avahi-glib-0.6.16-9.el5_5.s390x.rpm
avahi-glib-devel-0.6.16-9.el5_5.s390.rpm
avahi-glib-devel-0.6.16-9.el5_5.s390x.rpm
avahi-qt3-0.6.16-9.el5_5.s390.rpm
avahi-qt3-0.6.16-9.el5_5.s390x.rpm
avahi-qt3-devel-0.6.16-9.el5_5.s390.rpm
avahi-qt3-devel-0.6.16-9.el5_5.s390x.rpm
avahi-tools-0.6.16-9.el5_5.s390x.rpm

x86_64:
avahi-0.6.16-9.el5_5.i386.rpm
avahi-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.x86_64.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-tools-0.6.16-9.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2009-0758
redhat.com | CVE-2010-2244
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.