SUSE update for avahi

Published: 2024-12-11

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-52616
CWE-ID	CWE-337
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SUSE Linux Enterprise Server 12 SP5 LTSS Extended Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system avahi-lang Operating systems & Components / Operating system package or component libdns_sd-32bit Operating systems & Components / Operating system package or component avahi-debuginfo Operating systems & Components / Operating system package or component libavahi-core7 Operating systems & Components / Operating system package or component libavahi-glib1 Operating systems & Components / Operating system package or component avahi-utils Operating systems & Components / Operating system package or component libavahi-client3-debuginfo Operating systems & Components / Operating system package or component avahi-debugsource Operating systems & Components / Operating system package or component libdns_sd-debuginfo Operating systems & Components / Operating system package or component avahi-utils-debuginfo Operating systems & Components / Operating system package or component libdns_sd Operating systems & Components / Operating system package or component libavahi-common3-debuginfo-32bit Operating systems & Components / Operating system package or component avahi-glib2-debugsource Operating systems & Components / Operating system package or component libavahi-common3-32bit Operating systems & Components / Operating system package or component libavahi-glib1-32bit Operating systems & Components / Operating system package or component avahi Operating systems & Components / Operating system package or component libavahi-client3-32bit Operating systems & Components / Operating system package or component libavahi-core7-debuginfo Operating systems & Components / Operating system package or component libavahi-client3 Operating systems & Components / Operating system package or component avahi-debuginfo-32bit Operating systems & Components / Operating system package or component libavahi-common3 Operating systems & Components / Operating system package or component libdns_sd-debuginfo-32bit Operating systems & Components / Operating system package or component libavahi-client3-debuginfo-32bit Operating systems & Components / Operating system package or component libavahi-common3-debuginfo Operating systems & Components / Operating system package or component libavahi-glib1-debuginfo-32bit Operating systems & Components / Operating system package or component libavahi-glib1-debuginfo Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Predictable Seed in Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU101681

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-52616

CWE-ID: CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to software initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. A remote attacker can predict subsequent transaction IDs and perform DNS spoofing attack.

Mitigation

Update the affected package avahi to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

avahi-lang: before 0.6.32-32.30.1

libdns_sd-32bit: before 0.6.32-32.30.1

avahi-debuginfo: before 0.6.32-32.30.1

libavahi-core7: before 0.6.32-32.30.1

libavahi-glib1: before 0.6.32-32.30.1

avahi-utils: before 0.6.32-32.30.1

libavahi-client3-debuginfo: before 0.6.32-32.30.1

avahi-debugsource: before 0.6.32-32.30.1

libdns_sd-debuginfo: before 0.6.32-32.30.1

avahi-utils-debuginfo: before 0.6.32-32.30.1

libdns_sd: before 0.6.32-32.30.1

libavahi-common3-debuginfo-32bit: before 0.6.32-32.30.1

avahi-glib2-debugsource: before 0.6.32-32.30.1

libavahi-common3-32bit: before 0.6.32-32.30.1

libavahi-glib1-32bit: before 0.6.32-32.30.1

avahi: before 0.6.32-32.30.1

libavahi-client3-32bit: before 0.6.32-32.30.1

libavahi-core7-debuginfo: before 0.6.32-32.30.1

libavahi-client3: before 0.6.32-32.30.1

avahi-debuginfo-32bit: before 0.6.32-32.30.1

libavahi-common3: before 0.6.32-32.30.1

libdns_sd-debuginfo-32bit: before 0.6.32-32.30.1

libavahi-client3-debuginfo-32bit: before 0.6.32-32.30.1

libavahi-common3-debuginfo: before 0.6.32-32.30.1

libavahi-glib1-debuginfo-32bit: before 0.6.32-32.30.1

libavahi-glib1-debuginfo: before 0.6.32-32.30.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20244282-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.