From: Mark Andrews Date: Tue, 31 Mar 2020 06:22:15 +0000 (+1100) Subject: Add release notes entry X-Git-Tag: v9.17.2~67^2^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7ea45838a9a829b040ee09be7680a846827779f6;p=thirdparty%2Fbind9.git Add release notes entry --- diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index b5362fb5ad6..35bfeb40caf 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -14,6 +14,14 @@ Notes for BIND 9.17.2 Security Fixes ~~~~~~~~~~~~~~ +- To prevent exhaustion of server resources by a maliciously configured + domain, the number of recursive queries that can be triggered by a + request before aborting recursion has been further limited. Root and + top-level domain servers are no longer exempt from the + ``max-recursion-queries`` limit. Fetches for missing name server + address records are limited to 4 for any domain. This issue was + disclosed in CVE-2020-8616. [GL #1388] + - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]