DSA 1617-1 a security update from Debian says they forgot to update the SE Linux policy that would allow BIND9 to randomize its source ports...
I always found SE Linux to be too complex for my needs, but now it turns out you can actually be more vulnerable when you run SE Linux.
I know enough.
Tags: dns(sec)
