IPv6 and security: news from the front – January

Published articles

Fernando Gont published an article entitled How to avoid security issues with VPN leaks on dual-stack networks. The article addresses the issue of VPN solutions that do not support the IPv6 protocol. When such solutions are used, some traffic may pass through the network without using the VPN because it only adds a default IPv4 route, not an IPv6 route: IPv6 traffic therefore does not pass through the VPN. The author also points out that there are multiple ways to add IPv6 routes to a host's routing table, making the task of VPN solutions more difficult than with IPv4.

Scott Hogg wrote an article, IPv6 Certifications, In this article, he reviews numerous certifications requiring knowledge of IPv6. He also discusses IPv6-specific training and certifications. While this article isn't directly related to security, training is an essential step before addressing security issues.

Vulnerabilities

A vulnerability affecting cups has been discovered (bug #795624 And bug 891942When the CUPS service is configured to listen on "localhost" only, the service still listens on all IPv6 addresses. This vulnerability only affects certain versions of CUPS.