[Python-modules-team] Security issue in python-dns
Scott Kitterman
debian at kitterman.com
Thu Jul 10 22:13:01 UTC 2008

Python-dns is used by python-spf and python-formencode.

I wanted to let you know that python-dns has problems with respect to the
current DNS cache issue. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217 for details.

Python-dns upstream is going to do a release that will at least provide TID
randomization. It's his position though that since python-dns opens a new
socket for each request, it's the OS's job to randomize the port. 2.6.24 will
do this, but the Etch kernel will not.

So, after upstream is done, I think Lenny/Sid will be OK, but Etch will still
not have port randomization. I know nothing about python-formencode's usage
of python-dns. Does this present a security risk?

Scott K
Maintainer for python-dns and python-spf
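
The following is an added example, not part of the original email and not python-dns code: a host-side check of the two properties the message discusses, a transaction ID drawn from a CSPRNG and the source port the OS assigns when a new UDP socket is opened for each request. The function names, the `max_step` and `cutoff` thresholds, and the use of `bind()` to port 0 on loopback to trigger OS port selection are assumptions made for illustration.

```python
import secrets
import socket


def new_txid():
    """Return a 16-bit DNS transaction ID drawn from the OS CSPRNG."""
    return secrets.randbelow(1 << 16)


def sample_ephemeral_ports(count=64):
    """Open a fresh UDP socket per simulated request and record the port
    the OS assigns, mirroring the one-socket-per-query pattern."""
    ports = []
    for _ in range(count):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.bind(("127.0.0.1", 0))  # port 0: let the OS choose
            ports.append(sock.getsockname()[1])
    return ports


def assess_ports(ports, max_step=8, cutoff=0.5):
    """Classify a sequence of source ports.

    A step counts as predictable when the next port equals the previous one
    or lies at most max_step above it (both thresholds are assumptions).
    """
    if len(ports) < 2:
        raise ValueError("need at least two ports to compare")
    steps = [b - a for a, b in zip(ports, ports[1:])]
    predictable = sum(1 for d in steps if 0 <= d <= max_step)
    fraction = predictable / len(steps)
    return {
        "distinct": len(set(ports)),
        "predictable_fraction": fraction,
        "verdict": "predictable" if fraction >= cutoff else "randomized",
    }


if __name__ == "__main__":
    observed = sample_ephemeral_ports()
    print("first ports:", observed[:8])
    print("assessment:", assess_ports(observed))
    print("sample TID: 0x%04x" % new_txid())
```

On a host where the verdict is "predictable", the 16-bit transaction ID is the only unpredictable field in each query.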