Bugzilla – Bug 951787
VUL-0: CVE-2015-7987,CVE-2015-7988: mDNSResponder: Bonjour mDNSResponder vulnerability [VU#143335]
Last modified: 2016-12-12 13:01:30 UTC
Now we have avahi. It has a completely different API, and the mDNSResponder API is provided as a translation layer. So the common code base is not large, if any. I just checked function names mentioned in the report, and there is no match in avahi. (I checked the old version avahi-0.6.25, released in 2009.) Regarding mDNSResponder-lib on SLES 10 SP4 LTSS: It would be good to know whether the vulnerability could be triggered remotely, using a specially crafted mDNS packet, or just locally.
bugbot adjusting priority
The package mDNSResponder-lib in the legacy SLE 11 family of SUSE Enterprise products derives code from mDNSResponder, but does not contain vulnerable code as advised for these vulnerabilities tracked under VU#1543335.
CRD: postponed, moved to early 2016
CRD: 2016-06-20
https://www.kb.cert.org/vuls/id/143335