Gentoo Linux Security Advisory [UPDATE] GLSA 200804-22:03 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217). Versions less than 3.1.6 are affected.
7d5cac259201a9e986b7929ca9688bd105efdfe46b13c0ddf4e960f3611835ac
Debian Security Advisory 1544-2 - Thomas Biege discovered that the upstream fix for the weak random number randomization did still not use difficult-to-predict random numbers. This is corrected in this security update.
786389ef31e587d5656cdffdd2ffe831943fdd6fa20bae122c93ef1d71d1e342
Gentoo Linux Security Advisory GLSA 200804-22 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers. Versions less than 3.1.5 are affected.
f823b54f7bf237110736d4b9631ff06cf6f844a5345ea0258af1485d94cf6dea
Debian Security Advisory 1544-1 - Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified.
34b28618f53686ec50a6ed32dab59f6c2876d3f1bfc3242c71bb8b32d6e82dfb