[Pkg-utopia-maintainers] Bug#1088110: avahi: CVE-2024-52615: Avahi Wide-Area DNS Uses Constant Source Port
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 3 04:44:27 BST 2025
Control: forwarded -1 https://github.com/avahi/avahi/pull/662
Control: tags -1 + fixed-upstream
Hi,
On Sat, Nov 23, 2024 at 02:23:34PM +0100, Salvatore Bonaccorso wrote:
> Source: avahi
> Version: 0.8-13
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
> Control: found -1 0.8-10
>
> Hi,
>
> The following vulnerability was published for avahi.
>
> Filing for having a tracker reference.
>
> CVE-2024-52615[0]:
> | A flaw was found in Avahi-daemon, which relies on fixed source ports
> | for wide-area DNS queries. This issue simplifies attacks where
> | malicious DNS responses are injected.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2024-52615
> https://www.cve.org/CVERecord?id=CVE-2024-52615
> [1] https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
Appears that this got fixed upstream, cf.
https://github.com/avahi/avahi/pull/662 and
https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942
.
Regards,
Salvatore