https://bugzilla.suse.com/show_bug.cgi?id=1233420 Bug ID: 1233420 Summary: VUL-0: CVE-2024-52616: avahi: Avahi Wide-Area DNS Predictable Transaction IDs Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/428652/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: gnome-bugs@suse.de Reporter: smash_bz@suse.de QA Contact: security-team@suse.de CC: stoyan.manolov@suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- The sequential increment of DNS transaction IDs makes Avahi vulnerable to DNS spoofing, allowing attackers to inject malicious DNS records. This can compromise the integrity of DNS responses, redirecting users to potentially harmful domains. This vulnerability poses a greater risk as it directly undermines the integrity of DNS resolution, affecting all systems using Avahi for wide-area DNS queries unless mitigations are applied. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 -- You are receiving this mail because: You are on the CC list for the bug.