git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Add CHANGES and release note for GL #2354
author Ondřej Surý <ondrej@isc.org>
Tue, 12 Jan 2021 20:41:35 +0000 (21:41 +0100)
committer Michał Kępień <michal@isc.org>
Wed, 3 Feb 2021 22:26:40 +0000 (23:26 +0100)
CHANGES
doc/arm/notes-9.11.28.xml

diff --git a/CHANGES b/CHANGES
index 417184287d1769436e4845a5c0160c422ed72799..86bcfcbd68169fac0e6f47fc4a38c1e2a728f504 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5562.  [security]      Fix off-by-one bug in ISC SPNEGO implementation.
+                       (CVE-2020-8625) [GL #2354]
+
        --- 9.11.27 released ---
 
 5559.  [bug]           The --with-maxminddb=PATH form of the build-time option
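Review bot: Entry 5562 describes the flaw only as an "off-by-one bug", while the release note added in the same commit calls it a buffer overflow reachable through a crafted GSS-TSIG query when tkey-gssapi-keytab or tkey-gssapi-credential is configured. Anyone reading CHANGES alone cannot tell the impact or which configurations are exposed. Consider aligning the wording with the release note, for example by naming the buffer overflow and the GSS-TSIG trigger in the entry text.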
index da7d57c4eb9e56365ff2530fa6f3729b40932012..f3ee9d3336fea7de751727d77dd2b489c0e28c88 100644 (file)
     <itemizedlist>
       <listitem>
         <para>
-          None.
+          When <command>tkey-gssapi-keytab</command> or
+          <command>tkey-gssapi-credential</command> was configured, a specially
+          crafted GSS-TSIG query could cause a buffer overflow in the ISC
+          implementation of SPNEGO (a protocol enabling negotiation of the
+          security mechanism to use for GSSAPI authentication). This flaw could
+          be exploited to crash <command>named</command>. Theoretically, it also
+          enabled remote code execution, but achieving the latter is very
+          difficult in real-world conditions. (CVE-2020-8625)
+        </para>
+        <para>
+          This vulnerability was responsibly reported to us as ZDI-CAN-12302 by
+          Trend Micro Zero Day Initiative. [GL #2354]
         </para>
       </listitem>
     </itemizedlist>
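Review bot: In the first added <para>, the exposure condition appears only as the opening clause ("When tkey-gssapi-keytab or tkey-gssapi-credential was configured"), so the reader has to infer that servers setting neither option are not affected. If that inference is correct, state it as its own sentence, since it is the first thing an operator triaging CVE-2020-8625 will look for. The phrase "very difficult in real-world conditions" is also unqualified; a short reason would keep readers from treating the remote code execution risk as negligible.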