Package: pdnsd
Version: 1.2.6-par-1
Severity: grave
Backport the upstream patch attached to the changelog entry:
2008-07-29 Paul Rombouts <p.a.rombouts (at) home.nl>
* src/conff.c,src/dns_query.c
Made the default of the configuration option query_port_start equal to
1024. Also improved the algorithm used by pdnsd to select random source
ports to ensure that each (free) port gets an equal chance of being
selected. This should guarantee random source ports in the range
1024-65535, making pdnsd less vulnerable to some of the issues described
in CERT VU#800113.
The old situation, where pdnsd lets the kernel select the source ports,
is still available by specifying query_port_start=none.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
