From: Aram Sargsyan Date: Mon, 14 Nov 2022 12:30:49 +0000 (+0000) Subject: Add CHANGES and release notes for [GL #3619] X-Git-Tag: v9.16.37~2^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a05a6d1d73b9d40cdd6ebb8dd4f95402942ceb0;p=thirdparty%2Fbind9.git Add CHANGES and release notes for [GL #3619] (cherry picked from commit d08a478b4219163bcba3f31641f8f1d4e77681ff) --- diff --git a/CHANGES b/CHANGES index 75e9d61c9d0..d7d087534c7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6067. [security] Fix serve-stale crash when recursive clients soft quota + is reached. (CVE-2022-3924) [GL #3619] + 6066. [security] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 940ad522574..1ac19bb7599 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -32,6 +32,15 @@ Security Fixes Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to our attention. :gl:`#3622` +- :iscman:`named` running as a resolver with the + ``stale-answer-client-timeout`` option set to any value greater than + ``0`` could crash with an assertion failure, when the + ``recursive-clients`` soft quota was reached. This has been fixed. + (CVE-2022-3924) + + ISC would like to thank Maksym Odinintsev from AWS for bringing this + vulnerability to our attention. :gl:`#3619` + New Features ~~~~~~~~~~~~
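Review bot: In the CHANGES hunk, entry 6067 names the trigger as "recursive clients soft quota" but leaves out the precondition that the release note in this same commit gives, namely that ``stale-answer-client-timeout`` is set to a value greater than ``0``. Someone scanning CHANGES alone cannot tell which serve-stale configurations are affected. Suggest spelling the option as ``recursive-clients`` so it matches the configuration keyword and the release note, and adding the timeout condition, for example "Fix serve-stale crash when the recursive-clients soft quota is reached and stale-answer-client-timeout is greater than 0."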
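Review bot: In the doc/notes/notes-current.rst hunk, the new bullet gives the affected condition (``stale-answer-client-timeout`` greater than ``0`` and the ``recursive-clients`` soft quota reached) but does not say whether a resolver outside that condition is safe. If setting the option to ``0`` or disabling it avoids the assertion failure, state that in the bullet so operators who cannot upgrade immediately have an interim setting to apply. As a style point, the comma in "assertion failure, when the" separates the clause from the condition it depends on and can be dropped.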