diff options
author | Florian Weimer <fweimer@redhat.com> | 2017-04-13 13:09:38 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2017-04-13 13:09:38 +0200 |
commit | e14a27723cc3a154d67f3f26e719d08c0ba9ad25 (patch) | |
tree | c4706acf27f91784a8b592772d03e0c8da0b4731 /NEWS | |
parent | c803cb9b24c6cea15698768e4301e963b98e742c (diff) | |
download | glibc-e14a27723cc3a154d67f3f26e719d08c0ba9ad25.tar.gz glibc-e14a27723cc3a154d67f3f26e719d08c0ba9ad25.tar.xz glibc-e14a27723cc3a154d67f3f26e719d08c0ba9ad25.zip |
resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]
This hardens the stub resolver against fragmentation-based attacks.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS index 28bb00887a..99288b5f22 100644 --- a/NEWS +++ b/NEWS @@ -46,7 +46,8 @@ Version 2.26 Security related changes: - [Add security related changes here] +* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, + to avoid fragmentation-based spoofing attacks. The following bugs are resolved with this release: |