Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4883 to
the following vulnerability:
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in
lwIP 1.4.1 and earlier, does not use random values for ID fields and
source ports of DNS query packets, which makes it easier for
man-in-the-middle attackers to conduct cache-poisoning attacks via
spoofed reply packets.
NOTE: Xen as shipped with Fedora contains an embedded copy of lwip. It's not known for certain whether the affected functionality affects Xen, however.
Looking at xen-4.3.3/stubdom/lwip/src/core/dns.c, the code is quite a bit different (note this is lwip-1.3.0), and it doesn't seem to even make an attempt at randomization in any way, so the patch noted above may not be sufficient.
I am going to file a Fedora tracking bug for this; the Xen developer will know best whether or not this is something that concerns Xen at all.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1169009]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
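
An added example (not code from lwIP, uIP or Xen) of the weakness in the CVE text above: a resolver that uses a counter ID and a fixed source port, beside one that draws both from the OS CSPRNG and accepts a reply only when ID, port and server address all match. The struct, function names, port range and the 192.0.2.1 server address are assumptions made for illustration; the counter is one example of a non-random ID scheme, not a description of the affected code.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical pending-query record; not lwIP's or uIP's own structure. */
struct pending_query {
    uint16_t txid;       /* DNS header ID sent in the query */
    uint16_t src_port;   /* local UDP port the query was sent from */
    uint32_t server_ip;  /* resolver the query was sent to */
};

/* Fill buf from the OS CSPRNG; returns 0 on success, -1 on failure. */
static int csprng_bytes(void *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Weak pattern (illustrative): counter ID and fixed source port. */
static uint16_t weak_next_id;
void weak_prepare(struct pending_query *q, uint32_t server_ip) {
    q->txid = weak_next_id++;
    q->src_port = 49152;             /* constructed fixed port */
    q->server_ip = server_ip;
}

/* Hardened: ID and port both from the CSPRNG; port in 49152..65535. */
int hardened_prepare(struct pending_query *q, uint32_t server_ip) {
    uint16_t r[2];
    if (csprng_bytes(r, sizeof r) != 0) return -1;  /* fail closed */
    q->txid = r[0];
    q->src_port = (uint16_t)(49152u + (r[1] % 16384u)); /* 65536 % 16384 == 0: no bias */
    q->server_ip = server_ip;
    return 0;
}

/* Accept a reply only if every field matches the pending query. */
int reply_matches(const struct pending_query *q, uint16_t id,
                  uint16_t dst_port, uint32_t src_ip) {
    return id == q->txid && dst_port == q->src_port && src_ip == q->server_ip;
}

int main(void) {
    struct pending_query q;
    if (hardened_prepare(&q, 0xC0000201u) != 0) return 1; /* 192.0.2.1, constructed */
    printf("txid=0x%04x port=%u\n", (unsigned)q.txid, (unsigned)q.src_port);
    return !reply_matches(&q, q.txid, q.src_port, 0xC0000201u);
}
```

With the weak variant a spoofed reply needs only the next counter value; with the hardened variant it must match a 16-bit ID and one of 16384 ports at the same time.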