Forum: >>> Magnum BBS <<<

Bug#1088110: avahi: CVE-2024-52615: Avahi Wide-Area DNS Uses Constant S

From Salvatore Bonaccorso@1:229/2 to Salvatore Bonaccorso on Thu Jul 3 05:50:01 2025

From: [email protected]

Control: forwarded -1 https://github.com/avahi/avahi/pull/662
Control: tags -1 + fixed-upstream

Hi,

On Sat, Nov 23, 2024 at 02:23:34PM +0100, Salvatore Bonaccorso wrote:

Source: avahi
Version: 0.8-13
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.8-10

Hi,

The following vulnerability was published for avahi.

Filling for having a tracker reference.

CVE-2024-52615[0]:
| A flaw was found in Avahi-daemon, which relies on fixed source ports
| for wide-area DNS queries. This issue simplifies attacks where
| malicious DNS responses are injected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52615
https://www.cve.org/CVERecord?id=CVE-2024-52615
[1] https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g

Appears that this got fixed upstream, cf. https://github.com/avahi/avahi/pull/662 and https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 .

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	43:02:05
Calls:	12,111
Calls today:	2
Files:	15,008
Messages:	6,518,438