avahi: fix CVE-2024-52616 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-07-17 17:34:38 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-07-24 12:36:36 -0700
commit	ac2dec7e509c2cd4b583704092f741bdc2f85142 (patch)
tree	fc53ce58d43ca0e8b9950bd75d9585a9b0036410 /scripts/lib/devtool/search.py
parent	67269d1b228e47858fdb3b09968345642927f64e (diff)
download	poky-ac2dec7e509c2cd4b583704092f741bdc2f85142.tar.gz

avahi: fix CVE-2024-52616

CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] (From OE-Core rev: 0376d69c39305333f2b2817ae7a1f4911f63e2e9) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry pick from commit: 28de3f131b17dc4165df927060ee51f0de3ada90) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/search.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: