https://bugzilla.redhat.com/show_bug.cgi?id=1279242 The gist of this bug is that NetworkManager on Fedora 23 and Rawhide does not have RFC4941 privacy extensions enabled. So the IPv6 address is predicated on a real MAC address (at least on baremetal) and the address is not temporary and is never deprecated. This is reported to have worked correctly on Fedora 22. Could this be assessed for security impact, in particular as it relates to Fedora release criteria? https://fedoraproject.org/wiki/Fedora_24_Final_Release_Criteria#Security_bugs How would this get fixed with an update? Is there a mechanism to sed the user configuration to change ipv6.ip-privacy to 2? Or is this something that's likely stuck with a value of -1 for the live of the release, unless the user manually makes a change? Thanks, -- Chris Murphy -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/security@xxxxxxxxxxxxxxxxxxxxxxx
