From: Ondřej Surý Date: Thu, 27 Jan 2022 07:44:53 +0000 (+0100) Subject: Add CHANGES and release note for [GL #3112] X-Git-Tag: v9.19.0~61^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dcb6a0c4f86dadb56b0627d14fb010c4c017b692;p=thirdparty%2Fbind9.git Add CHANGES and release note for [GL #3112] --- diff --git a/CHANGES b/CHANGES index d05a7c67d04..f95a93b0f80 100644 --- a/CHANGES +++ b/CHANGES @@ -39,7 +39,12 @@ 5819. [placeholder] -5818. [placeholder] +5818. [security] A synchronous call to closehandle_cb() caused + isc__nm_process_sock_buffer() to be called recursively, + which in turn left TCP connections hanging in the + CLOSE_WAIT state blocking indefinitely when + out-of-order processing was disabled. (CVE-2022-0396) + [GL #3112] 5817. [security] The rules for acceptance of records into the cache have been tightened to prevent the possibility of diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 0b45bfb281a..55a69b56f64 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -24,6 +24,11 @@ Security Fixes Changgen Zou from Qi An Xin Group Corp. for bringing this vulnerability to our attention. :gl:`#2950` +- TCP connections with ``keep-response-order`` enabled could leave the + TCP sockets in the ``CLOSE_WAIT`` state when the client did not + properly shut down the connection. (CVE-2022-0396) :gl:`#3112` + + Known Issues ~~~~~~~~~~~~