avahi: fix CVE-2024-52615 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-10-27 14:09:15 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-10-30 11:06:28 +0000
commit	78a15a355690eb0eb6943b411c6b21c1e8f6c075 (patch)
tree	c8e042ec17a0191c79781c26e9910c51a867719f /scripts/lib/checklayer/__init__.py
parent	280f06735a693244a1d29dbad076fba0af30eb00 (diff)
download	poky-78a15a355690eb0eb6943b411c6b21c1e8f6c075.tar.gz

avahi: fix CVE-2024-52615

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52615] [https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g] Upstream patches: [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] (Cherry pick from commit: ec22ec26b3f40ed5e0d84d60c29d8c315cf72e23) (From OE-Core rev: 97d60090dbe96dca423af47c8d55cc53e172fb4c) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/checklayer/__init__.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: