]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d244d4d) | patch
avahi: fix CVE-2024-52616
authorZhang Peng <peng.zhang1.cn@windriver.com>
Thu, 16 Jan 2025 13:51:38 +0000 (21:51 +0800)
committerSteve Sakoman <steve@sakoman.com>
Thu, 16 Jan 2025 15:15:35 +0000 (07:15 -0800)
commit28de3f131b17dc4165df927060ee51f0de3ada90
treeaa374d3d086c6dfdc8467bac675a4688a5eb5501tree
parentd244d4d48615a7b08f1ab0231f074caa31790247commit | diff
avahi: fix CVE-2024-52616

CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52616]
[https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm]

Upstream patches:
[https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/avahi/avahi_0.8.bb diff | blob | blame | history
meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core-contrib