[Buildroot] [PATCH] package/bind: security bump to version 9.11.19
Peter Korsgaard
peter at korsgaard.com
Sun May 31 21:15:04 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - (9.11.18) DNS rebinding protection was ineffective when BIND 9 is
> configured as a forwarding DNS server. Found and responsibly reported by
> Tobias Klein. [GL #1574]
> - (9.11.19) To prevent exhaustion of server resources by a maliciously
> configured domain, the number of recursive queries that can be triggered
> by a request before aborting recursion has been further limited. Root and
> top-level domain servers are no longer exempt from the
> max-recursion-queries limit. Fetches for missing name server address
> records are limited to 4 for any domain. This issue was disclosed in
> CVE-2020-8616. [GL #1388]
> - (9.11.19) Replaying a TSIG BADTIME response as a request could trigger an
> assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]
> Also update the COPYRIGHT hash for a change of copyright year and adjust the
> spacing for the new agreements.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list