Add CHANGES and release note for [GL #4234]

author Ondřej Surý <ondrej@isc.org>

Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)

committer Michał Kępień <michal@isc.org>

Fri, 5 Jan 2024 10:52:05 +0000 (11:52 +0100)
author Ondřej Surý <ondrej@isc.org>
Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)
committer Michał Kępień <michal@isc.org>
Fri, 5 Jan 2024 10:52:05 +0000 (11:52 +0100)
diff --git a/CHANGES b/CHANGES

index 87c859c1ea4827ea71cd06ae3312ffe8d9c4e9e1..eb5c775ceb61daa267975fe93e0dbb6ab97a31f2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6315.  [security]      Speed up parsing of DNS messages with many different
+                       names. (CVE-2023-4408) [GL #4234]
+
  6314.  [bug]           Address race conditions in dns_tsigkey_find().
                         [GL #4182]
  
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index d69151dfe36a036e0726f05cb8d1e09412244767..23847e23c06d84b8cf77cb8da129a847c6b619ff 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,13 @@ Notes for BIND 9.16.46
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- Parsing DNS messages with many different names could cause excessive
+  CPU load. This has been fixed. :cve:`2023-4408`
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv
+  University, and Yuval Shavitt from Tel-Aviv University for bringing
+  this vulnerability to our attention. :gl:`#4234`
  
  New Features
  ~~~~~~~~~~~~
author	Ondřej Surý <ondrej@isc.org>
	Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)
committer	Michał Kępień <michal@isc.org>
	Fri, 5 Jan 2024 10:52:05 +0000 (11:52 +0100)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history