New changelog entries:
* SECURITY UPDATE: remote denial of service.
* lib/dns/include/dns/validator.h, lib/dns/{validator,resolver}.c,
lib/dns/api: fixes taken from upstream changes between bind 9.3.3 and
9.3.4, applied inline.
* References
CVE-2007-0493 CVE-2007-0494
New changelog entries:
* SECURITY UPDATE: remote denial of service.
* lib/dns/include/dns/validator.h, lib/dns/{validator,resolver}.c,
lib/dns/api: fixes taken from upstream changes between bind 9.3.3 and
9.3.4, applied inline.
* References
CVE-2007-0493 CVE-2007-0494
New changelog entries:
* SECURITY UPDATE: name servers accessible from the Internet could be
used as an amplifier in DDoS attacks against other networks.
* debian/named.conf.options: allow recursion only on localnets. This
matches the default configuration of listening on all interfaces, and
gives a reasonable balance between allowing local recursion, and
protecting the server from being used in a DDoS attack.
* References
CVE-2006-0987 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248899
New changelog entries:
* SECURITY UPDATE: name servers accessible from the Internet could be
used as an amplifier in DDoS attacks against other networks.
* debian/named.conf.options: allow recursion only on localnets. This
matches the default configuration of listening on all interfaces, and
gives a reasonable balance between allowing local recursion, and
protecting the server from being used in a DDoS attack.
* References
CVE-2006-0987 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248899