]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
avahi: fix CVE-2024-52615
authorZhang Peng <peng.zhang1.cn@windriver.com>
Thu, 31 Jul 2025 06:06:42 +0000 (14:06 +0800)
committerSteve Sakoman <steve@sakoman.com>
Thu, 31 Jul 2025 16:18:38 +0000 (09:18 -0700)
commit7bd9fee6d654326ea921b51113de99f793e11545
tree89c0d911b39aac8282d0df66c88a1d9a381505b3
parentb4a2f74ba0b40abcdf56c4b58cae5f7ce145d511
avahi: fix CVE-2024-52615

CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]

Upstream patches:
[https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/avahi/avahi_0.8.bb
meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch [new file with mode: 0644]