File _patchinfo of Package patchinfo.11991
<patchinfo incident="11991">
  <issue tracker="cve" id="2020-8616"/>
  <issue tracker="cve" id="2018-5741"/>
  <issue tracker="cve" id="2020-8617"/>
  <issue tracker="bnc" id="1118367">Please add proper dependencies in lwresd.service against nss-lookup.target</issue>
  <issue tracker="bnc" id="1118368">Please include proper dependencies in named.service against nss-lookup.target</issue>
  <issue tracker="bnc" id="1171740">VUL-0: CVE-2020-8616, CVE-2020-8617: bind: two vulnerabilities</issue>
  <issue tracker="bnc" id="1109160">VUL-1: CVE-2018-5741: bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies</issue>
  <packager>jmoellers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

- Amended documentation referring to rule types "krb5-subdomain" and
  "ms-subdomain". This incorrect documentation could mislead operators
  into believing that policies they had configured were more restrictive
  than they actually were. [CVE-2018-5741]
- Further limit the number of queries that can be triggered from a
  request. Root and TLD servers are no longer exempt from
  max-recursion-queries. Fetches for missing name server address records
  are limited to 4 for any domain. [CVE-2020-8616]
- Replaying a TSIG BADTIME response as a request could trigger an
  assertion failure. [CVE-2020-8617]
  [bsc#1109160, bsc#1171740,
   CVE-2018-5741, bind-CVE-2018-5741.patch,
   CVE-2020-8616, bind-CVE-2020-8616.patch,
   CVE-2020-8617, bind-CVE-2020-8617.patch]
- Don't rely on /etc/insserv.conf anymore for proper dependencies
  against nss-lookup.target in named.service and lwresd.service
  (bsc#1118367 bsc#1118368)
- Using a drop-in file
</description>
</patchinfo>