Bugzilla – Bug 1159274
VUL-0: CVE-2019-19794: coredns: The miekg Go DNS package improperly generates random numbers because math/rand is used
Last modified: 2022-02-13 11:45:24 UTC
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and
other products, improperly generates random numbers because math/rand is used.
The TXID becomes predictable, leading to response forgeries.
CAASP 4.0 and 4.5 is tracked affected. Factory is already fixed.
CaaSP 4.5 is already at 1.6.7, only CaaSP 4.2 is affected.