Описание
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-github-miekg-dns | fixed | 1.1.26-1 | package | |
| golang-github-miekg-dns | no-dsa | buster | package | |
| golang-github-miekg-dns | no-dsa | stretch | package |
Примечания
https://github.com/coredns/coredns/issues/3519
https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
https://github.com/miekg/dns/issues/1043
https://github.com/miekg/dns/pull/1044
Связанные уязвимости
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
