{"affected":[{"ecosystem_specific":{"binaries":[{"avahi":"0.8-7.1","libavahi-client3":"0.8-7.1","libavahi-common3":"0.8-7.1","libavahi-core7":"0.8-7.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"avahi","purl":"pkg:rpm/suse/avahi&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8-7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for avahi fixes the following issues:\n\n- CVE-2024-52615: Resolve fixed source ports for wide-area DNS queries cause DNS responses be injected. (bsc#1233421)\n- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion. (bsc#1256499)\n- CVE-2025-68471: Fixed DoS bug by changing assert to return. (bsc#1256500)\n- CVE-2025-68276: Refuse to create wide-area record browsers when wide-area is off. (bsc#1256498)\n","id":"SUSE-SU-2026:20525-1","modified":"2026-02-26T10:54:54Z","published":"2026-02-26T10:54:54Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620525-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233421"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256498"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256499"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256500"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-52615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68276"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68471"}],"related":["CVE-2024-52615","CVE-2025-68276","CVE-2025-68468","CVE-2025-68471"],"summary":"Security update for avahi","upstream":["CVE-2024-52615","CVE-2025-68276","CVE-2025-68468","CVE-2025-68471"]}