CHANGES, release note

author Evan Hunt <each@isc.org>

Fri, 6 Jul 2018 03:48:26 +0000 (20:48 -0700)

committer Evan Hunt <each@isc.org>

Fri, 13 Jul 2018 20:33:29 +0000 (13:33 -0700)
author Evan Hunt <each@isc.org>
Fri, 6 Jul 2018 03:48:26 +0000 (20:48 -0700)
committer Evan Hunt <each@isc.org>
Fri, 13 Jul 2018 20:33:29 +0000 (13:33 -0700)
diff --git a/CHANGES b/CHANGES

index 750b6001a7bef010fae39a8573f980825ee85fc6..c333cf70664e703fa02ed6941f9503b4fd286c93 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4997.  [security]      named could crash during recursive processing
+                       of DNAME records when "deny-answer-aliases" was
+                       in use. (CVE-2018-5740) [GL #387]
+
         --- 9.11.4 released ---
  
         --- 9.11.4rc2 released ---
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml

index 220a20e696d99a1f5c44e9dc9913c36bba457e65..7b7475b58f0b69a619f95d48fbb6f4abfe5de2fb 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -76,6 +76,13 @@
  
    <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
      <itemizedlist>
+      <listitem>
+       <para>
+         <command>named</command> could crash during recursive processing
+         of DNAME records when <command>deny-answer-aliases</command> was
+         in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
+       </para>
+      </listitem>
        <listitem>
         <para>
           When recursion is enabled but the <command>allow-recursion</command>
author	Evan Hunt <each@isc.org>
	Fri, 6 Jul 2018 03:48:26 +0000 (20:48 -0700)
committer	Evan Hunt <each@isc.org>
	Fri, 13 Jul 2018 20:33:29 +0000 (13:33 -0700)
CHANGES		patch \| blob \| blame \| history
doc/arm/notes.xml		patch \| blob \| blame \| history