| Summary: | net-dns/pdns-recursor <3.1.6 Weak random source port selection (CVE-2008-3217) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | swegener |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6 | ||
| Whiteboard: | B3 [glsa errata] | ||
| Package list: | Runtime testing required: | --- | |
Arches, please test and mark stable: =net-dns/pdns-recursor-3.1.6 Target keywords : "amd64 x86" x86 stable amd64 stable, all arches done. I would vote Yes like we previously did on other cache-poisoning vulnerabilities. refer to GLSA 200804-22 YES, request filed This should be an erratum as it was reported fixed by bug #215567 / GLSA 200804-22. update sent. |
Quoting $URL: The new high-quality random generator was not used for all random numbers, especially in source port selection. This means that 3.1.5 is still a lot more secure than 3.1.4 was, and its algorithms more secure than most other nameservers, but it also means 3.1.5 is not as secure as it could be. A quick upgrade is recommended. Discovered by Thomas Biege of Novell (SUSE), fixed in commit 1179. http://wiki.powerdns.com/projects/trac/changeset/1179