about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-04-13 13:09:38 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-04-13 13:09:38 +0200
commite14a27723cc3a154d67f3f26e719d08c0ba9ad25 (patch)
treec4706acf27f91784a8b592772d03e0c8da0b4731 /NEWS
parentc803cb9b24c6cea15698768e4301e963b98e742c (diff)
downloadglibc-e14a27723cc3a154d67f3f26e719d08c0ba9ad25.tar.gz
glibc-e14a27723cc3a154d67f3f26e719d08c0ba9ad25.tar.xz
glibc-e14a27723cc3a154d67f3f26e719d08c0ba9ad25.zip
resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]
This hardens the stub resolver against fragmentation-based attacks.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS3
1 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 28bb00887a..99288b5f22 100644
--- a/NEWS
+++ b/NEWS
@@ -46,7 +46,8 @@ Version 2.26
 
 Security related changes:
 
-  [Add security related changes here]
+* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
+  to avoid fragmentation-based spoofing attacks.
 
 The following bugs are resolved with this release: