mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-25 10:59:35 -05:00
38 lines
1.4 KiB
XML
38 lines
1.4 KiB
XML
<!--
|
|
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
-
|
|
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
-
|
|
- See the COPYRIGHT file distributed with this work for additional
|
|
- information regarding copyright ownership.
|
|
-->
|
|
|
|
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The TCP client quota set using the <command>tcp-clients</command>
|
|
option could be exceeded in some cases. This could lead to
|
|
exhaustion of file descriptors. This flaw is disclosed in
|
|
CVE-2018-5743. [GL #615]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
In certain configurations, <command>named</command> could crash
|
|
with an assertion failure if <command>nxdomain-redirect</command>
|
|
was in use and a redirected query resulted in an NXDOMAIN from the
|
|
cache. This flaw is disclosed in CVE-2019-6467. [GL #880]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A race condition could trigger an assertion failure when
|
|
a large number of incoming packets were being rejected.
|
|
This flaw is disclosed in CVE-2019-6471. [GL #942]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|