[Buildroot] [PATCH v2] package/avahi: add upstream security fix
Peter Korsgaard
peter at korsgaard.com
Mon Mar 25 20:22:26 UTC 2019
>>>>> "Artem" == Artem Panfilov <panfilov.artyom at gmail.com> writes:
> Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
> inadvertently responds to IPv6 unicast queries with source addresses
> that are not on-link, which allows remote attackers to cause a denial
> of service (traffic amplification) and may cause information leakage
> by obtaining potentially sensitive information from the responding
> device via port-5353 UDP packets.
> Signed-off-by: Artem Panfilov <panfilov.artyom at gmail.com>
> ---
> Changes v1 -> v2:
> - add "Signed-off-by" and "Backported from" tags in patch
Committed to 2018.02.x, 2018.11.x and 2019.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list