CVS: cvs.openbsd.org: src

Stuart Henderson Tue, 09 Dec 2014 08:12:58 -0800

CVSROOT:        /cvs
Module name:    src
Changes by:     st...@cvs.openbsd.org   2014/12/09 09:11:43


Modified files:
        usr.sbin/unbound/iterator: Tag: OPENBSD_5_6 iterator.c 
                                   iterator.h 

Log message:
Backport fix for CVE-2014-8602 - Limit the number of fetches performed
for a DNS query, to avoid the resolver being tricked into following an
endless series of delegations, consuming a lot of resources. Many DNS
recursive resolvers are affected by this bug (including BIND, Unbound,
and PowerDNS recursor). More details at:

http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html

Diff from florian@, tested by myself.

CVS: cvs.openbsd.org: src

Reply via email to