Red Hat Bugzilla – Bug 462764
CVE-2008-4099 python-PyDNS: insecure DNS transaction ids
Last modified: 2010-12-23 18:42:13 EST
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use
random source ports or transaction IDs for DNS requests, which makes
it easier for remote attackers to spoof DNS responses, a different
vulnerability than CVE-2008-1447.
Created python-pydns tracking bugs for this issue
Affects: F8 [bug #462765]
Affects: F9 [bug #462766]
Affects: Fdevel [bug #462767]
Affects: epel-5 [bug #462768]
Current Fedora and EPEL have 2.3.3, so this is no longer an issue there.