SUSE update for avahi



Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-52616
CWE-ID: CWE-337
Exploitation vector: Network
Public exploit: N/A
Vulnerable software

Operating systems & Components / Operating system:

openSUSE Leap Micro
SUSE Linux Enterprise Micro
Desktop Applications Module
SUSE Package Hub 15
Basesystem Module
SUSE Linux Enterprise Micro for Rancher
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Real Time 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Desktop 15
openSUSE Leap

Operating systems & Components / Operating system package or component:

avahi-64bit-debuginfo
libavahi-glib1-64bit
libdns_sd-64bit-debuginfo
libavahi-glib1-64bit-debuginfo
libavahi-common3-64bit
libdns_sd-64bit
libavahi-client3-64bit-debuginfo
libavahi-client3-64bit
libavahi-common3-64bit-debuginfo
avahi-lang
libdns_sd-32bit-debuginfo
libavahi-client3-32bit
libavahi-common3-32bit
avahi-32bit-debuginfo
libavahi-client3-32bit-debuginfo
libavahi-common3-32bit-debuginfo
libavahi-glib1-32bit-debuginfo
libdns_sd-32bit
libavahi-glib1-32bit
libavahi-common3-debuginfo
typelib-1_0-Avahi-0_6
libavahi-qt5-1-debuginfo
libavahi-libevent1-debuginfo
avahi-debugsource
libavahi-qt5-1
python3-avahi-gtk
avahi-debuginfo
python3-avahi
avahi-glib2-debugsource
avahi-utils-gtk
avahi-compat-mDNSResponder-devel
avahi-compat-howl-devel
avahi-autoipd
libavahi-gobject0
avahi-utils-debuginfo
libavahi-devel
libavahi-libevent1
libavahi-gobject0-debuginfo
libavahi-qt5-devel
libavahi-glib1
libavahi-core7-debuginfo
libavahi-common3
libhowl0-debuginfo
libavahi-ui-gtk3-0
libdns_sd
libavahi-glib1-debuginfo
libavahi-ui-gtk3-0-debuginfo
libavahi-core7
libavahi-glib-devel
libdns_sd-debuginfo
libavahi-client3
avahi-qt5-debugsource
libavahi-gobject-devel
avahi-autoipd-debuginfo
avahi-utils-gtk-debuginfo
libhowl0
avahi
avahi-utils
libavahi-client3-debuginfo

Vendor: SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Predictable Seed in Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU101681

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-52616

CWE-ID: CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because the software initializes DNS transaction IDs randomly only once, at startup, and increments them sequentially after that. A remote attacker can predict subsequent transaction IDs and perform a DNS spoofing attack.
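
The ID allocation pattern described above, next to a per-query random ID and an audit check for sequences of observed IDs. This is an added example, not Avahi's code or code from the bulletin; `seq_alloc`, `seq_next`, `random_id`, `sequential_steps` and `looks_sequential` are hypothetical names, the ID values are constructed, and `getrandom()` assumes Linux with glibc 2.25 or later.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h>   /* getrandom(): assumes Linux, glibc >= 2.25 */

/* Weak pattern from the description: one random value at startup,
 * then +1 for every later query. (Hypothetical type.) */
typedef struct { uint16_t next_id; } seq_alloc;

static uint16_t seq_next(seq_alloc *a) { return a->next_id++; }

/* Hardened pattern: each query draws a fresh 16-bit ID from the
 * kernel CSPRNG, so one observed ID says nothing about the next. */
static int random_id(uint16_t *out) {
    return getrandom(out, sizeof *out, 0) == (ssize_t)sizeof *out ? 0 : -1;
}

/* Audit helper: count steps where an observed ID equals the previous
 * ID + 1 modulo 2^16 (the cast handles the 0xFFFF -> 0x0000 wrap). */
static size_t sequential_steps(const uint16_t *ids, size_t n) {
    size_t hits = 0;
    for (size_t i = 1; i < n; i++)
        if (ids[i] == (uint16_t)(ids[i - 1] + 1))
            hits++;
    return hits;
}

/* Flag a resolver when at least 90% of the steps are +1. With random
 * IDs each step matches with probability 1/65536. */
static int looks_sequential(const uint16_t *ids, size_t n) {
    return n >= 4 && sequential_steps(ids, n) * 10 >= (n - 1) * 9;
}

int main(void) {
    uint16_t ids[32];
    seq_alloc a = { 0xFFF0 };          /* constructed startup value */

    for (size_t i = 0; i < 32; i++) ids[i] = seq_next(&a);
    printf("sequential allocator flagged: %d\n", looks_sequential(ids, 32));

    for (size_t i = 0; i < 32; i++)
        if (random_id(&ids[i]) != 0) return 1;
    printf("per-query random flagged:     %d\n", looks_sequential(ids, 32));
    return 0;
}
```

The same check can be applied to transaction IDs taken from a packet capture of a host's outgoing DNS queries to confirm whether a given build still allocates them sequentially.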

Mitigation

Update the affected package avahi to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.3 - 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.4 - 15.5

avahi-64bit-debuginfo: before 0.8-150400.7.20.1

libavahi-glib1-64bit: before 0.8-150400.7.20.1

libdns_sd-64bit-debuginfo: before 0.8-150400.7.20.1

libavahi-glib1-64bit-debuginfo: before 0.8-150400.7.20.1

libavahi-common3-64bit: before 0.8-150400.7.20.1

libdns_sd-64bit: before 0.8-150400.7.20.1

libavahi-client3-64bit-debuginfo: before 0.8-150400.7.20.1

libavahi-client3-64bit: before 0.8-150400.7.20.1

libavahi-common3-64bit-debuginfo: before 0.8-150400.7.20.1

avahi-lang: before 0.8-150400.7.20.1

libdns_sd-32bit-debuginfo: before 0.8-150400.7.20.1

libavahi-client3-32bit: before 0.8-150400.7.20.1

libavahi-common3-32bit: before 0.8-150400.7.20.1

avahi-32bit-debuginfo: before 0.8-150400.7.20.1

libavahi-client3-32bit-debuginfo: before 0.8-150400.7.20.1

libavahi-common3-32bit-debuginfo: before 0.8-150400.7.20.1

libavahi-glib1-32bit-debuginfo: before 0.8-150400.7.20.1

libdns_sd-32bit: before 0.8-150400.7.20.1

libavahi-glib1-32bit: before 0.8-150400.7.20.1

libavahi-common3-debuginfo: before 0.8-150400.7.20.1

typelib-1_0-Avahi-0_6: before 0.8-150400.7.20.1

libavahi-qt5-1-debuginfo: before 0.8-150400.7.20.1

libavahi-libevent1-debuginfo: before 0.8-150400.7.20.1

avahi-debugsource: before 0.8-150400.7.20.1

libavahi-qt5-1: before 0.8-150400.7.20.1

python3-avahi-gtk: before 0.8-150400.7.20.1

avahi-debuginfo: before 0.8-150400.7.20.1

python3-avahi: before 0.8-150400.7.20.1

avahi-glib2-debugsource: before 0.8-150400.7.20.1

avahi-utils-gtk: before 0.8-150400.7.20.1

avahi-compat-mDNSResponder-devel: before 0.8-150400.7.20.1

avahi-compat-howl-devel: before 0.8-150400.7.20.1

avahi-autoipd: before 0.8-150400.7.20.1

libavahi-gobject0: before 0.8-150400.7.20.1

avahi-utils-debuginfo: before 0.8-150400.7.20.1

libavahi-devel: before 0.8-150400.7.20.1

libavahi-libevent1: before 0.8-150400.7.20.1

libavahi-gobject0-debuginfo: before 0.8-150400.7.20.1

libavahi-qt5-devel: before 0.8-150400.7.20.1

libavahi-glib1: before 0.8-150400.7.20.1

libavahi-core7-debuginfo: before 0.8-150400.7.20.1

libavahi-common3: before 0.8-150400.7.20.1

libhowl0-debuginfo: before 0.8-150400.7.20.1

libavahi-ui-gtk3-0: before 0.8-150400.7.20.1

libdns_sd: before 0.8-150400.7.20.1

libavahi-glib1-debuginfo: before 0.8-150400.7.20.1

libavahi-ui-gtk3-0-debuginfo: before 0.8-150400.7.20.1

libavahi-core7: before 0.8-150400.7.20.1

libavahi-glib-devel: before 0.8-150400.7.20.1

libdns_sd-debuginfo: before 0.8-150400.7.20.1

libavahi-client3: before 0.8-150400.7.20.1

avahi-qt5-debugsource: before 0.8-150400.7.20.1

libavahi-gobject-devel: before 0.8-150400.7.20.1

avahi-autoipd-debuginfo: before 0.8-150400.7.20.1

avahi-utils-gtk-debuginfo: before 0.8-150400.7.20.1

libhowl0: before 0.8-150400.7.20.1

avahi: before 0.8-150400.7.20.1

avahi-utils: before 0.8-150400.7.20.1

libavahi-client3-debuginfo: before 0.8-150400.7.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244386-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


