projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5dd6c8a) | patch
bind: Bump to 9.17.19 17010/head
authorPhilip Prindeville <philipp@redfish-solutions.com>
Thu, 28 Oct 2021 19:44:44 +0000 (13:44 -0600)
committerPhilip Prindeville <philipp@redfish-solutions.com>
Thu, 28 Oct 2021 20:06:07 +0000 (14:06 -0600)
commitc2de702cbdb0034a84550589195fe95df25572b9
tree65122dd3b958a936439e27c1a12188476cb7f9e7tree | snapshot
parent5dd6c8ad4617b24fa54bc5d26f37e25132315f17commit | diff
bind: Bump to 9.17.19

The following CVE updates are included:

* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
  effectively disables the lame server cache, as it could previously be
  abused by an attacker to significantly degrade resolver performance.

* CVE-2021-25218: An assertion failure occurred when named attempted
  to send a UDP packet that exceeded the MTU size, if Response Rate
  Limiting (RRL) was enabled.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
net/bind/Makefile diff | blob | history
Mirror of packages feed