Red Hat Bugzilla – Bug 243591
CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
Last modified: 2007-11-30 17:12:07 EST
"The vulnerability is caused due to predictable DNS "Transaction ID" field in
DNS queries and can be exploited to poison the DNS cache of an application using
the library if a valid ID is guessed."
CVE id's assigned: CVE-2007-3152, CVE-2007-3153
change of subject to not trip up bodhi
c-ares-1.4.0-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.