Описание
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| avahi | unfixed | package | ||
| avahi | no-dsa | trixie | package | |
| avahi | no-dsa | bookworm | package | |
| avahi | postponed | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2326418
https://github.com/avahi/avahi/issues/254
https://github.com/avahi/avahi/issues/254#issuecomment-2480519212
turn off wide-area feature: https://github.com/avahi/avahi/pull/577
Revisiting of feature: https://github.com/avahi/avahi/issues/578
https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
https://github.com/avahi/avahi/pull/662
Fixed by: https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942
Mitiated by default since avahi/0.8-17 with enable-wide-area=no (but fixing commit not applied)
EPSS
Связанные уязвимости
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
EPSS