avahi: fix CVE-2024-52616 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-01-16 21:51:38 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-01-24 07:59:38 -0800
commit	0d1f714793cb73f3e4a95e67e2f7d5ebd98a3462 (patch)
tree	260e806dda3429d84b6b9dd1ae7ebf73d6885c66 /meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
parent	a65e0b9646335de25a906954dec9826c091d1fe2 (diff)
download	poky-0d1f714793cb73f3e4a95e67e2f7d5ebd98a3462.tar.gz

avahi: fix CVE-2024-52616

CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] (From OE-Core rev: 28de3f131b17dc4165df927060ee51f0de3ada90) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: