Add CHANGES and release note for [GL #4055]

author Ondřej Surý <ondrej@isc.org>

Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)

committer Michal Nowak <mnowak@isc.org>

Thu, 8 Jun 2023 09:47:04 +0000 (11:47 +0200)
author Ondřej Surý <ondrej@isc.org>
Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)
committer Michal Nowak <mnowak@isc.org>
Thu, 8 Jun 2023 09:47:04 +0000 (11:47 +0200)
diff --git a/CHANGES b/CHANGES

index 3955f7f6183d7c73d178568acd53b3c450edda5b..b34478bf5c58717be3d20d86c9fbe7608f449401 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6190.  [security]      Improve the overmem cleaning process to prevent the
+                       cache going over the configured limit. (CVE-2023-2828)
+                       [GL #4055]
+
  6188.  [performance]   Reduce memory consumption by allocating properly
                         sized send buffers for stream-based transports.
                         [GL #4038]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 5ae9d306f8008f209fef978dc7ca9f2efbe522d2..78c3c048e2672690799202e361200c85c57921e5 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.18.16
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured :any:`max-cache-size` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`
  
  New Features
  ~~~~~~~~~~~~
author	Ondřej Surý <ondrej@isc.org>
	Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)
committer	Michal Nowak <mnowak@isc.org>
	Thu, 8 Jun 2023 09:47:04 +0000 (11:47 +0200)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history