Preface: Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery.
Multicast DNS (mDNS) is a protocol that uses packets similar to unicast DNS except sent over a multicast link to resolve hostnames.
Vulnerability found in Avahi:
The vulnerability exists because the affected software misses link-local checks, causing the multicast DNS (mDNS) protocol to respond to IPv6 unicast queries with source addresses that are not on-link.
Impact: Remote attacker to access sensitive information on a targeted system or conduct DDoS!
Remedy released finally: 22 Dec 2018
Remark: Happy Lunar New Year. Kung Hei Fat Choi!