[Bug 1233420] New: VUL-0: CVE-2024-52616: avahi: Avahi Wide-Area DNS Predictable Transaction IDs
https://bugzilla.suse.com/show_bug.cgi?id=1233420

            Bug ID: 1233420
           Summary: VUL-0: CVE-2024-52616: avahi: Avahi Wide-Area DNS Predictable Transaction IDs
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.6
          Hardware: Other
               URL: https://smash.suse.de/issue/428652/
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: gnome-bugs@suse.de
          Reporter: smash_bz@suse.de
        QA Contact: security-team@suse.de
                CC: stoyan.manolov@suse.com
  Target Milestone: ---
          Found By: Security Response Team
           Blocker: ---

The sequential increment of DNS transaction IDs makes Avahi vulnerable to DNS spoofing, allowing attackers to inject malicious DNS records. This can compromise the integrity of DNS responses, redirecting users to potentially harmful domains. This vulnerability poses a greater risk as it directly undermines the integrity of DNS resolution, affecting all systems using Avahi for wide-area DNS queries unless mitigations are applied.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52616
https://bugzilla.redhat.com/show_bug.cgi?id=2326429

-- 
You are receiving this mail because:
You are on the CC list for the bug.
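The report above turns on a single property of the resolver: when the 16-bit DNS transaction ID is taken from a counter, one observed ID reveals every ID that follows, so a forged answer only has to carry the expected next value to be accepted. The C below is an added example, not Avahi's code and not part of this bug thread. It places the weak counter pattern beside a hardened generator that draws each ID from the operating system CSPRNG (getrandom(2) on Linux, /dev/urandom otherwise), and adds a small check a defender can run over IDs captured from a resolver's outgoing queries to see whether they follow the sequential pattern, wraparound at 0xFFFF included. The function names `txid_sequential`, `txid_random`, `os_random_bytes` and `txids_look_sequential`, and the starting counter value, are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __linux__
#include <sys/random.h>   /* getrandom(2), glibc 2.25+ */
#endif

/* Weak pattern, shown only for contrast with the hardened one below: the ID
 * is a counter, so one observed ID reveals every ID that follows it. */
static uint16_t seq_state = 0x1000;   /* constructed starting value */

uint16_t txid_sequential(void)
{
    return ++seq_state;
}

/* Fill buf with len bytes from the OS CSPRNG. Returns 0 on success, -1 on
 * failure. Uses getrandom(2) where available, /dev/urandom otherwise. */
static int os_random_bytes(void *buf, size_t len)
{
#ifdef __linux__
    size_t done = 0;
    while (done < len) {
        ssize_t got = getrandom((char *)buf + done, len - done, 0);
        if (got < 0)
            break;                /* fall through to /dev/urandom */
        done += (size_t)got;
    }
    if (done == len)
        return 0;
#endif
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Hardened pattern: a fresh 16-bit ID from the CSPRNG for every query.
 * Returns 0 and stores the ID, or -1 when no randomness was available; the
 * caller must then hold the query rather than fall back to a counter. */
int txid_random(uint16_t *out)
{
    uint16_t v;
    if (os_random_bytes(&v, sizeof v) != 0)
        return -1;
    *out = v;
    return 0;
}

/* Defender's check over IDs observed on the wire, in query order: returns 1
 * if every ID is exactly the previous one plus one (mod 2^16, so wraparound
 * from 0xFFFF to 0x0000 still counts), 0 otherwise or when fewer than two
 * IDs are available to compare. */
int txids_look_sequential(const uint16_t *ids, size_t n)
{
    if (n < 2)
        return 0;
    for (size_t i = 1; i < n; i++)
        if (ids[i] != (uint16_t)(ids[i - 1] + 1))
            return 0;
    return 1;
}

int main(void)
{
    uint16_t weak[8], strong[8];
    for (size_t i = 0; i < 8; i++) {
        weak[i] = txid_sequential();
        if (txid_random(&strong[i]) != 0) {
            fputs("no randomness available\n", stderr);
            return 1;
        }
    }
    printf("counter IDs sequential: %d\n", txids_look_sequential(weak, 8));
    printf("CSPRNG IDs sequential:  %d\n", txids_look_sequential(strong, 8));
    return 0;
}
```

Running the check against a packet capture from a patched resolver should return 0 on any run of queries; a 1 over more than a handful of IDs is a strong sign the counter pattern is still in use. The hardened generator refuses to produce an ID when the CSPRNG is unavailable instead of silently degrading, because a counter fallback would reintroduce exactly the defect being fixed.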
https://bugzilla.suse.com/show_bug.cgi?id=1233420

Stoyan Manolov <stoyan.manolov@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gnome-bugs@suse.de
              Flags|                            |needinfo?(gnome-bugs@suse.de)
https://bugzilla.suse.com/show_bug.cgi?id=1233420

SMASH SMASH <smash_bz@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
https://bugzilla.suse.com/show_bug.cgi?id=1233420
https://bugzilla.suse.com/show_bug.cgi?id=1233420#c2

Cliff Zhao <qzhao@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |qzhao@suse.com

--- Comment #2 from Cliff Zhao <qzhao@suse.com> ---
(In reply to SMASH SMASH from comment #0)
> The sequential increment of DNS transaction IDs makes Avahi vulnerable to DNS spoofing, allowing attackers to inject malicious DNS records. This can compromise the integrity of DNS responses, redirecting users to potentially harmful domains. This vulnerability poses a greater risk as it directly undermines the integrity of DNS resolution, affecting all systems using Avahi for wide-area DNS queries unless mitigations are applied.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52616
> https://bugzilla.redhat.com/show_bug.cgi?id=2326429

The above link returns "CVE ID Not Found"; maybe this CVE has been closed? So I could not get detailed information. Usually there should be some debug info, a log, or a crash dump... May I kindly ask our esteemed security team to look into the cause? Thank you very much!
https://bugzilla.suse.com/show_bug.cgi?id=1233420
https://bugzilla.suse.com/show_bug.cgi?id=1233420#c4

Cliff Zhao <qzhao@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|gnome-bugs@suse.de          |qzhao@suse.com
              Flags|needinfo?(gnome-bugs@suse.de)|

--- Comment #4 from Cliff Zhao <qzhao@suse.com> ---
(In reply to Andreas Stieger from comment #3)
> The NVD would record a rejected CVE as such. In this case the CVE was assigned by a CNA, with data ingestion into NVD pending.
>
> https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm

That's what I want. Thank you. I can take it.
https://bugzilla.suse.com/show_bug.cgi?id=1233420
https://bugzilla.suse.com/show_bug.cgi?id=1233420#c10

--- Comment #10 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> ---
SUSE-SU-2024:4196-1: An update that solves one vulnerability can now be installed.

URL: https://www.suse.com/support/update/announcement/2024/suse-su-20244196-1
Category: security (moderate)
Bug References: 1233420
CVE References: CVE-2024-52616
Maintenance Incident: [SUSE:Maintenance:36660](https://smelt.suse.de/incident/36660/)
Sources used:
openSUSE Leap 15.6 (src): avahi-glib2-0.8-150600.15.6.1, avahi-0.8-150600.15.6.1, avahi-qt5-0.8-150600.15.6.1
Basesystem Module 15-SP6 (src): avahi-glib2-0.8-150600.15.6.1, avahi-0.8-150600.15.6.1
Desktop Applications Module 15-SP6 (src): avahi-glib2-0.8-150600.15.6.1, avahi-0.8-150600.15.6.1
SUSE Package Hub 15 15-SP6 (src): avahi-0.8-150600.15.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1233420
https://bugzilla.suse.com/show_bug.cgi?id=1233420#c11

--- Comment #11 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> ---
SUSE-SU-2024:4225-1: An update that solves one vulnerability can now be installed.

URL: https://www.suse.com/support/update/announcement/2024/suse-su-20244225-1
Category: security (moderate)
Bug References: 1233420
CVE References: CVE-2024-52616
Maintenance Incident: [SUSE:Maintenance:36695](https://smelt.suse.de/incident/36695/)
Sources used:
SUSE Linux Enterprise Micro 5.2 (src): avahi-0.7-150100.3.40.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): avahi-0.7-150100.3.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1233420
https://bugzilla.suse.com/show_bug.cgi?id=1233420#c13

--- Comment #13 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> ---
SUSE-SU-2024:4282-1: An update that solves one vulnerability can now be installed.

URL: https://www.suse.com/support/update/announcement/2024/suse-su-20244282-1
Category: security (moderate)
Bug References: 1233420
CVE References: CVE-2024-52616
Maintenance Incident: [SUSE:Maintenance:36739](https://smelt.suse.de/incident/36739/)
Sources used:
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (src): avahi-0.6.32-32.30.1, avahi-glib2-0.6.32-32.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://bugzilla.suse.com/show_bug.cgi?id=1233420

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |IN_PROGRESS
https://bugzilla.suse.com/show_bug.cgi?id=1233420
https://bugzilla.suse.com/show_bug.cgi?id=1233420#c16

--- Comment #16 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> ---
SUSE-SU-2024:4386-1: An update that solves one vulnerability and has one security fix can now be installed.

URL: https://www.suse.com/support/update/announcement/2024/suse-su-20244386-1
Category: security (moderate)
Bug References: 1226586, 1233420
CVE References: CVE-2024-52616
Maintenance Incident: [SUSE:Maintenance:36666](https://smelt.suse.de/incident/36666/)
Sources used:
openSUSE Leap 15.4 (src): avahi-qt5-0.8-150400.7.20.1, avahi-glib2-0.8-150400.7.20.1, avahi-0.8-150400.7.20.1
openSUSE Leap Micro 5.5 (src): avahi-0.8-150400.7.20.1
openSUSE Leap 15.5 (src): avahi-qt5-0.8-150400.7.20.1, avahi-glib2-0.8-150400.7.20.1, avahi-0.8-150400.7.20.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): avahi-0.8-150400.7.20.1
SUSE Linux Enterprise Micro 5.3 (src): avahi-0.8-150400.7.20.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): avahi-0.8-150400.7.20.1
SUSE Linux Enterprise Micro 5.4 (src): avahi-0.8-150400.7.20.1
SUSE Linux Enterprise Micro 5.5 (src): avahi-0.8-150400.7.20.1
Basesystem Module 15-SP5 (src): avahi-glib2-0.8-150400.7.20.1, avahi-0.8-150400.7.20.1
Desktop Applications Module 15-SP5 (src): avahi-glib2-0.8-150400.7.20.1, avahi-0.8-150400.7.20.1
SUSE Package Hub 15 15-SP5 (src): avahi-0.8-150400.7.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.