Add CHANGES and release note for [GL #4234]

author Ondřej Surý <ondrej@isc.org>

Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)

committer Michał Kępień <michal@isc.org>

Fri, 5 Jan 2024 10:35:25 +0000 (11:35 +0100)
author Ondřej Surý <ondrej@isc.org>
Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)
committer Michał Kępień <michal@isc.org>
Fri, 5 Jan 2024 10:35:25 +0000 (11:35 +0100)
diff --git a/CHANGES b/CHANGES

index b524775c0995df62c5435dcfb6d35ee567cde0af..d3d5fa5a6e21b9efaf696789cd020a3594f098ac 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,7 +6,8 @@
  
  6316.  [placeholder]
  
-6315.  [placeholder]
+6315.  [security]      Speed up parsing of DNS messages with many different
+                       names. (CVE-2023-4408) [GL #4234]
  
  6314.  [bug]           Address race conditions in dns_tsigkey_find().
                         [GL #4182]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index bebf1cd3b7900f0c6207f11a5e02de8bb80664ff..518a160826dbfd465a82d804cbe53f206beff187 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,13 @@ Notes for BIND 9.19.20
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- Parsing DNS messages with many different names could cause excessive
+  CPU load. This has been fixed. :cve:`2023-4408`
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv
+  University, and Yuval Shavitt from Tel-Aviv University for bringing
+  this vulnerability to our attention. :gl:`#4234`
  
  New Features
  ~~~~~~~~~~~~
author	Ondřej Surý <ondrej@isc.org>
	Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)
committer	Michał Kępień <michal@isc.org>
	Fri, 5 Jan 2024 10:35:25 +0000 (11:35 +0100)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history