Add release note for GL #4480

author Petr Špaček <pspacek@isc.org>

Thu, 6 Jun 2024 15:59:50 +0000 (17:59 +0200)

committer Nicki Křížek <nicki@isc.org>

Mon, 10 Jun 2024 17:08:50 +0000 (19:08 +0200)
author Petr Špaček <pspacek@isc.org>
Thu, 6 Jun 2024 15:59:50 +0000 (17:59 +0200)
committer Nicki Křížek <nicki@isc.org>
Mon, 10 Jun 2024 17:08:50 +0000 (19:08 +0200)
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 9440dd6d8c53ff8081c77383c3cf13742fa178f2..fbd682b01be9d6724ff0490429efb2294c2a42c4 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -34,6 +34,11 @@ Security Fixes
    ISC would like to thank Toshifumi Sakaguchi who independently discovered
    and responsibly reported the issue to ISC. :gl:`#4548`
  
+- Validating DNS messages signed using the SIG(0) protocol (:rfc:`2931`) could
+  cause excessive CPU load, leading to a denial-of-service condition.
+  Support for SIG(0) message validation was removed from this version of
+  :iscman:`named`. :cve:`2024-1975` :gl:`#4480`
+
  - Named could trigger an assertion failure when looking up the NS
    records of parent zones as part of looking up DS records.  This
    has been fixed. :gl:`#4661`
author	Petr Špaček <pspacek@isc.org>
	Thu, 6 Jun 2024 15:59:50 +0000 (17:59 +0200)
committer	Nicki Křížek <nicki@isc.org>
	Mon, 10 Jun 2024 17:08:50 +0000 (19:08 +0200)