/etc/xinetd.d/swat currently has:
only_from = localhost
This causes xinetd to do a reverse name lookup for each connection on that
service to see if it's canonical name is 'localhost'. For better security
it should read:
only_from = 127.0.0.1
*** This bug has been marked as a duplicate of 16573 ***
No, this is something different: it's a security problem (DNS spoofing) rather
than a confused application.
It's the same fix, however. :)
... and it's fixed in -22.
*** Bug 22995 has been marked as a duplicate of this bug. ***