From: Michał Kępień Date: Thu, 8 Sep 2022 09:11:30 +0000 (+0200) Subject: Add release note for GL #3394 X-Git-Tag: v9.19.5~7^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=672072812cae9a346f6bc40ea5b1a81a5ca010ba;p=thirdparty%2Fbind9.git Add release note for GL #3394 --- diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index e758ca89662..3411d2448dd 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -15,7 +15,14 @@ Notes for BIND 9.19.5 Security Fixes ~~~~~~~~~~~~~~ -- None. +- Previously, there was no limit to the number of database lookups + performed while processing large delegations, which could be abused to + severely impact the performance of :iscman:`named` running as a + recursive resolver. This has been fixed. (CVE-2022-2795) + + ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat + Bremler-Barr & Shani Stajnrod from Reichman University for bringing + this vulnerability to our attention. :gl:`#3394` Known Issues ~~~~~~~~~~~~