From 7ea45838a9a829b040ee09be7680a846827779f6 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 31 Mar 2020 17:22:15 +1100 Subject: [PATCH] Add release notes entry --- doc/notes/notes-current.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index b5362fb5ad..35bfeb40ca 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -14,6 +14,14 @@ Notes for BIND 9.17.2 Security Fixes ~~~~~~~~~~~~~~ +- To prevent exhaustion of server resources by a maliciously configured + domain, the number of recursive queries that can be triggered by a + request before aborting recursion has been further limited. Root and + top-level domain servers are no longer exempt from the + ``max-recursion-queries`` limit. Fetches for missing name server + address records are limited to 4 for any domain. This issue was + disclosed in CVE-2020-8616. [GL #1388] + - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]
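Review bot: In the added bullet, the sentence "Fetches for missing name server address records are limited to 4 for any domain" leaves the scope of the limit unclear. It does not say whether the 4 applies per client request, per delegation or per zone, nor whether it is a fixed value or an option like ``max-recursion-queries``. Suggest stating the scope and whether it is configurable, so an operator reading the note knows if any action is needed. The same applies to "has been further limited" in the first sentence, which gives no indication of the new bound. Minor: the new entry ends "This issue was disclosed in CVE-2020-8616" while the existing entry below reads "This was disclosed in CVE-2020-8617"; use one wording for both. The subject line "Add release notes entry" could also name CVE-2020-8616 or GL #1388 so the commit is findable from the log.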