ALT Linux Team

Package avahi update in sisyphus on 2025-01-20

ALT-PU-2025-1591-1

Package avahi updated to version 0.8-alt5 for branch sisyphus in task 370646.

Closed vulnerabilities

Published: 2024-11-22

CVE-2024-52616

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top