From: Aram Sargsyan Date: Mon, 14 Nov 2022 12:30:49 +0000 (+0000) Subject: Add CHANGES and release notes for [GL #3619] X-Git-Tag: v9.19.9~3^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d08a478b4219163bcba3f31641f8f1d4e77681ff;p=thirdparty%2Fbind9.git Add CHANGES and release notes for [GL #3619] --- diff --git a/CHANGES b/CHANGES index e9d3c8ac451..375dea546fe 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,5 @@ -6067. [placeholder] +6067. [security] Fix serve-stale crash when recursive clients soft quota + is reached. (CVE-2022-3924) [GL #3619] 6066. [security] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 53f5cd4533e..3d44ce70673 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -32,6 +32,15 @@ Security Fixes Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to our attention. :gl:`#3622` +- :iscman:`named` running as a resolver with the + :any:`stale-answer-client-timeout` option set to any value greater + than ``0`` could crash with an assertion failure, when the + :any:`recursive-clients` soft quota was reached. This has been fixed. + (CVE-2022-3924) + + ISC would like to thank Maksym Odinintsev from AWS for bringing this + vulnerability to our attention. :gl:`#3619` + New Features ~~~~~~~~~~~~
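Review bot: In the CHANGES hunk, the new 6067 entry omits the precondition that the release note in this same commit gives, namely that stale-answer-client-timeout is set to a value greater than 0. An operator scanning CHANGES cannot tell from "Fix serve-stale crash when recursive clients soft quota is reached" whether their configuration is exposed. Consider naming the option in the entry, and writing the quota as recursive-clients (hyphenated, as in notes-current.rst) so it matches the configuration statement and is searchable.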
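Review bot: In the doc/notes/notes-current.rst hunk, the added bullet never uses the term serve-stale, while the CHANGES entry for the same fix calls it a "serve-stale crash", so a reader matching the two has only the CVE number and the GL issue to go on. Consider using the term in the bullet so both texts describe the fix the same way. The comma in "assertion failure, when the" can also be dropped, and the bullet could state explicitly whether a setting of 0 is unaffected, which the "greater than ``0``" wording only implies.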