From: Mark Andrews Date: Wed, 16 Feb 2022 08:30:19 +0000 (+1100) Subject: Add CHANGES and release note for [GL #3158] X-Git-Tag: v9.19.0~60^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c9f28777f697ac453f666e657185cb19551a954f;p=thirdparty%2Fbind9.git Add CHANGES and release note for [GL #3158] --- diff --git a/CHANGES b/CHANGES index f95a93b0f80..39e5edf8bf5 100644 --- a/CHANGES +++ b/CHANGES @@ -37,7 +37,9 @@ 5820. [placeholder] -5819. [placeholder] +5819. [security] Lookups involving a DNAME could trigger an INSIST when + "synth-from-dnssec" was enabled. (CVE-2022-0635) + [GL #3158] 5818. [security] A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer() to be called recursively, diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 55a69b56f64..3844fc0124c 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -28,6 +28,12 @@ Security Fixes TCP sockets in the ``CLOSE_WAIT`` state when the client did not properly shut down the connection. (CVE-2022-0396) :gl:`#3112` +- Lookups involving a DNAME could trigger an assertion failure when + ``synth-from-dnssec`` was enabled (which is the default). + (CVE-2022-0635) + + ISC would like to thank Vincent Levigneron from AFNIC for bringing + this vulnerability to our attention. :gl:`#3158` Known Issues ~~~~~~~~~~~~