projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 74a43e2) | patch
package/avahi: add upstream security fix
authorArtem Panfilov <panfilov.artyom@gmail.com>
Tue, 12 Mar 2019 23:46:51 +0000 (02:46 +0300)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 14 Mar 2019 20:58:19 +0000 (21:58 +0100)
commit1e17adf1c5ee1cecd747f84fff8f6261c1e8a476
treefe132cab521d20f37e69dcb5bb69f6c4a35c95aftree
parent74a43e251791336729ac901a0a8a2a130573ded2commit | diff
package/avahi: add upstream security fix

Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
inadvertently responds to IPv6 unicast queries with source addresses
that are not on-link, which allows remote attackers to cause a denial
of service (traffic amplification) and may cause information leakage
by obtaining potentially sensitive information from the responding
device via port-5353 UDP packets.

Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/avahi/0001-Drop-legacy-unicast-queries-from-address-not-on-loca.patch [new file with mode: 0644] blob