avahi: fix CVE-2024-52616 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-01-16 15:26:47 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-01-24 07:49:28 -0800
commit	744e331d5be1d13d203f3056b2e628e61f665bb0 (patch)
tree	1f0a759a1d9142973c0a5fa13f070016aeea0058 /scripts/pybootchartgui/pybootchartgui.py
parent	65d58821e0496c90594176fdb2ef2c240f86bcd9 (diff)
download	poky-744e331d5be1d13d203f3056b2e628e61f665bb0.tar.gz

avahi: fix CVE-2024-52616

CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] (From OE-Core rev: 7708d0c346b23ab3e687e2a2ca464d77d55cebd7) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/pybootchartgui/pybootchartgui.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: