]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3d36874) | patch
avahi: fix CVE-2024-52615
authorZhang Peng <peng.zhang1.cn@windriver.com>
Mon, 27 Oct 2025 06:09:15 +0000 (14:09 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 30 Oct 2025 11:06:22 +0000 (11:06 +0000)
commit97d60090dbe96dca423af47c8d55cc53e172fb4c
treedac7dc3df19879ad659630e4f526f9efb5fddfb5tree | snapshot
parent3d36874e2beb64ca2a089a2be942cbbbbe1fff79commit | diff
avahi: fix CVE-2024-52615

CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]

Upstream patches:
[https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]

(Cherry pick from commit: ec22ec26b3f40ed5e0d84d60c29d8c315cf72e23)

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/avahi/avahi_0.8.bb diff | blob | blame | history
meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core