Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591 Summary: c-ares < 1.4.0 DNS cache poisoning vulnerability Product: Fedora Extras Version: f7 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: c-ares AssignedTo: tcallawa@xxxxxxxxxx ReportedBy: ville.skytta@xxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: fedora-security-list@xxxxxxxxxx http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html "The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
