poky/avahi at scarthgap-5.0.11 - poky

mirror of git://git.yoctoproject.org/poky.git synced 2025-08-22 00:42:05 +02:00

History

Zhang Peng 0d1f714793 avahi: fix CVE-2024-52616 CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [`f8710bdc8b`] (From OE-Core rev: 28de3f131b17dc4165df927060ee51f0de3ada90) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-01-24 07:59:38 -08:00
..
files	avahi: fix CVE-2024-52616	2025-01-24 07:59:38 -08:00
avahi_0.8.bb	avahi: fix CVE-2024-52616	2025-01-24 07:59:38 -08:00

Zhang Peng 0d1f714793 avahi: fix CVE-2024-52616

CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52616]
[https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm]

Upstream patches:
[f8710bdc8b]

(From OE-Core rev: 28de3f131b17dc4165df927060ee51f0de3ada90)

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-01-24 07:59:38 -08:00

files avahi: fix CVE-2024-52616 2025-01-24 07:59:38 -08:00

avahi_0.8.bb avahi: fix CVE-2024-52616 2025-01-24 07:59:38 -08:00