CVE-2017-6519

Priority
Description
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6
unicast queries with source addresses that are not on-link, which allows
remote attackers to cause a denial of service (traffic amplification) and
may cause information leakage by obtaining potentially sensitive
information from the responding device via port-5353 UDP packets. NOTE:
this may overlap CVE-2015-2809.
Notes
 sbeattie> MITIGATION: block udp port 5353 at perimeter firewall
Package
Source: avahi (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (0.6.30-5ubuntu2.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (0.6.31-4ubuntu1.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.6.32~rc+dfsg-1ubuntu2.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.7-3.1ubuntu1.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (0.7-4ubuntu2.1)
Ubuntu 19.04 (Disco Dingo):released (0.7-4ubuntu5)
Patches:
Upstream:https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
More Information

Updated: 2019-02-06 23:15:02 UTC (commit c77dea2cc51b46a144a389f17f3ab3ae4dfd6f7c)