Red Hat Bugzilla – Bug 1267714
CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, interface still gets IPv6 address
Last modified: 2015-12-17 11:49:24 EST
It is reported that when a bridge device is set up with "None" for the boot
protocol on a network with working IPv6 stateless configuration the host will
receieve a valid SLAAC IPv6 address. This could result in a system being
reachable via IPv6 when it is not intended to be.
*** Bug 1265991 has been marked as a duplicate of this bug. ***
Firewall IPv6 on hosts to prevent network availability.
This issue affects the versions of vdsm as shipped in Red Hat Enterprise Virtualization 3.x. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.