| Description: |
This update for bind fixes the following issues:
- Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch]
- Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file
|