Fixes the following security issue:
CVE-2022-3204: The NRDelegation Attack can exploit resolvers by having a
malicious delegation with a considerable number of non responsive
nameservers. It can trigger high CPU usage in some resolver implementations
that continually look in the cache for resolved NS records in that
delegation. This can lead to degraded performance and eventually denial of
service in orchestrated attacks.
Unbound does not suffer from high CPU usage, but resources are still needed
for resolving the malicious delegation. Unbound 1.16.3 includes fixes for
better performance when under load.
https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5560bc6c16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
be394fbcd8