mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

Add a CHANGES note for [GL #4480]

Browse Source
This commit is contained in:
Aram Sargsyan 2024-03-27 14:59:37 +00:00 committed by Nicki Křížek
parent 7ca9bd6014
commit 3bb9241bec
No known key found for this signature in database
GPG Key ID: 01623B9B652A20A7
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGES
View File

@ -1,3 +1,13 @@
6402. [security] A malicious DNS client that sends many queries with a
SIG(0)-signed message can cause the server to respond
slowly or not respond at all to other clients. Use the
offload threadpool for SIG(0) signature verifications,
add the 'sig0checks-quota' configuration option to
introduce a quota for SIG(0)-signed queries running in
parallel and add the 'sig0checks-quota-exempt' option to
exempt certain clients by their IP/network addresses.
(CVE-2024-1975) [GL #4480]
6401. [security] An excessively large number of rrtypes per owner can
slow down database query processing, so a limit has been
placed on the number of rrtypes that can be stored per