CVE-2017-6519

Priority
Low
Description
avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast
queries with source addresses that are not on-link, which allows remote
attackers to cause a denial of service (traffic amplification) or obtain
potentially sensitive information via port-5353 UDP packets. NOTE: this may
overlap CVE-2015-2809.
References
Notes
 sbeattie> MITIGATION: block udp port 5353 at perimeter firewall
Package
Source: avahi (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
More Information

Updated: 2017-08-11 23:26:09 UTC (commit 13081)