openSUSE has issued an advisory on December 3: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G3ABDXZMFN73MQ62ZJOBQIVUE3HAEKVL/ Fix: https://github.com/avahi/avahi/pull/577 (avahi-daemon.conf: turn off wide-area)
Source RPM: (none) => avahi-0.8-13.mga10.src.rpm, avahi-0.8-10.1.mga9.src.rpmStatus comment: (none) => Patch available from openSUSE and upstreamCVE: (none) => CVE-2024-52615, CVE-2024-52616Whiteboard: (none) => MGA9TOO
This package have no registered maintainer. Assigning last packager. If you can not take it, please assign to all.
Assignee: bugsquad => pterjanCC: (none) => fri
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Avahi wide-area dns uses constant source port. (CVE-2024-52615) Avahi wide-area dns predictable transaction ids. (CVE-2024-52616) References: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G3ABDXZMFN73MQ62ZJOBQIVUE3HAEKVL/ ======================== Updated packages in core/updates_testing: ======================== avahi-0.8-10.2.mga9 avahi-dnsconfd-0.8-10.2.mga9 avahi-sharp-0.8-10.2.mga9 avahi-sharp-doc-0.8-10.2.mga9 avahi-x11-0.8-10.2.mga9 lib(64)avahi-client3-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-client-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-common3-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-common-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-compat-howl0-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-compat-howl-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-compat-libdns_sd1-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-compat-libdns_sd-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-core7-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-core-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-gir0.6-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-glib1-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-glib-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-gobject0-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-gobject-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-libevent1-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-libevent-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-qt5_1-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-qt5-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-ui-gtk3_0-0.8-10.2.mga9.x86_64.rpm lib(64)avahi-ui-gtk3-devel-0.8-10.2.mga9.x86_64.rpm lib(64)avahicore-gir0.6-0.8-10.2.mga9.x86_64.rpm from SRPM: avahi-0.8-10.2.mga9.src.rpm
Source RPM: avahi-0.8-13.mga10.src.rpm, avahi-0.8-10.1.mga9.src.rpm => avahi-0.8-10.1.mga9.src.rpmAssignee: pterjan => qa-bugsStatus comment: Patch available from openSUSE and upstream => (none)Version: Cauldron => 9Whiteboard: MGA9TOO => (none)Status: NEW => ASSIGNED
MGA9-64 Plasma Wayland on Compaq H000SB No installation issues. Ref bug 32363 Comment 6 for testing. Used the commands avahi-discover-standalone and avahi-browse --all -t Both providing sensible output. OK for me.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
Keywords: (none) => advisory
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0007.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED