[Buildroot] [PATCH v2] package/avahi: add upstream security fix

Thomas Petazzoni thomas.petazzoni at bootlin.com
Thu Mar 14 21:00:25 UTC 2019


On Wed, 13 Mar 2019 02:46:51 +0300
Artem Panfilov <panfilov.artyom at gmail.com> wrote:

> Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
> inadvertently responds to IPv6 unicast queries with source addresses
> that are not on-link, which allows remote attackers to cause a denial
> of service (traffic amplification) and may cause information leakage
> by obtaining potentially sensitive information from the responding
> device via port-5353 UDP packets.
> 
> Signed-off-by: Artem Panfilov <panfilov.artyom at gmail.com>
> 
> ---
> Changes v1 -> v2:
>   - add "Signed-off-by" and "Backported from" tags in patch
> ---
>  ...ast-queries-from-address-not-on-loca.patch | 48 +++++++++++++++++++
>  1 file changed, 48 insertions(+)
>  create mode 100644 package/avahi/0001-Drop-legacy-unicast-queries-from-address-not-on-loca.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
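
Added example, not part of this e-mail and not the Avahi patch itself: a minimal C sketch of the check the CVE description calls for, dropping a legacy unicast query whose IPv6 source is not on-link. The names if_prefix, source_on_link and drop_legacy_unicast are hypothetical; it assumes the caller supplies the prefixes configured on the receiving interface and treats any source port other than 5353 as a legacy unicast query (RFC 6762).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MDNS_PORT 5353

/* One address/prefix configured on the receiving interface (hypothetical). */
struct if_prefix { struct in6_addr addr; unsigned len; };

/* True when the first len bits of a and b match (len need not be a
 * multiple of 8, e.g. a /61 delegated prefix). */
static bool same_prefix(const struct in6_addr *a, const struct in6_addr *b,
                        unsigned len)
{
    if (len > 128) return false;
    unsigned full = len / 8, rest = len % 8;
    for (unsigned i = 0; i < full; i++)
        if (a->s6_addr[i] != b->s6_addr[i])
            return false;
    if (rest == 0) return true;
    uint8_t mask = (uint8_t)(0xff << (8 - rest));
    return ((a->s6_addr[full] ^ b->s6_addr[full]) & mask) == 0;
}

/* True when src falls inside any prefix configured on the interface. */
bool source_on_link(const struct in6_addr *src,
                    const struct if_prefix *pfx, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (same_prefix(src, &pfx[i].addr, pfx[i].len))
            return true;
    return false;
}

/* True when the query must be dropped: it is a legacy unicast query
 * (source port is not 5353) and the sender is off-link. Validation of
 * ordinary mDNS queries is out of scope for this sketch. */
bool drop_legacy_unicast(const struct in6_addr *src, uint16_t src_port,
                         const struct if_prefix *pfx, size_t n)
{
    if (src_port == MDNS_PORT) return false;
    return !source_on_link(src, pfx, n);
}
```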

