https://bugzilla.suse.com/show_bug.cgi?id=1233421 https://bugzilla.suse.com/show_bug.cgi?id=1233421#c2 Cliff Zhao <qzhao@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |qzhao@suse.com --- Comment #2 from Cliff Zhao <qzhao@suse.com> --- (In reply to SMASH SMASH from comment #0)
This vulnerability exposes Avahi-daemon to potential DNS spoofing attacks by using a fixed source port for queries. However, the impact is limited because it only affects wide-area DNS and can be mitigated by forwarding queries to local DNS resolvers (e.g., systemd-resolved), which provide better randomization. The impact is primarily on systems actively using wide-area DNS, with .local mDNS being unaffected.
References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52615 It returns "CVE ID Not Found" in the above link, maybe this CVE been closed? so I could not get detailed information. May I kindly ask our esteemed security team to look into the cause? Thank you! -- You are receiving this mail because: You are on the CC list for the bug.