upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add release notes entry

Browse source
This commit is contained in:
Mark Andrews 2020-03-31 17:22:15 +11:00 committed by Michał Kępień
parent 5040582843
commit c097015732
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
doc/arm/notes-9.14.12.xml
View file

@ -13,6 +13,17 @@
<section xml:id="relnotes-9.14.12-security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
To prevent exhaustion of server resources by a maliciously configured
domain, the number of recursive queries that can be triggered by a
request before aborting recursion has been further limited. Root and
top-level domain servers are no longer exempt from the
<command>max-recursion-queries</command> limit. Fetches for missing
name server address records are limited to 4 for any domain. This
issue was disclosed in CVE-2020-8616. [GL #1388]
</para>
</listitem>
<listitem>
<para>
Replaying a TSIG BADTIME response as a request could