git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Add CHANGES and release note for [GL #4242]
author Artem Boldariev <artem@boldariev.com>
Mon, 7 Aug 2023 15:16:29 +0000 (18:16 +0300)
committer Michal Nowak <mnowak@isc.org>
Fri, 8 Sep 2023 09:16:38 +0000 (11:16 +0200)
CHANGES
doc/notes/notes-current.rst

diff --git a/CHANGES b/CHANGES
index 48510a63192188840376cb2e6b4f757208cf313a..2bf3b2ae7b9e26a27c2102f1e827409264138f3d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6246.  [security]      Fix use-after-free error in TLS DNS code when sending
+                       data. (CVE-2023-4236) [GL #4242]
+
 6245.  [security]      Limit the amount of recursion that can be performed
                        by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]
 
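Review bot: The new 6246 entry in CHANGES describes the affected area only as "TLS DNS code when sending data", while the release note added in the same commit calls it the DNS-over-TLS transport code and says the error can be triggered remotely. The neighbouring 6245 entry names the affected function (isccc_cc_fromwire); this one gives no comparable pointer. Consider using the same term in both files and mentioning the remote trigger here, so a reader scanning CHANGES alone can judge exposure.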
index b01add6f215f3d0b53ba9fed56a63eb7a847405e..9eb9a1c9cec3417f7ba7f0b88eaf87fc48a5d60b 100644 (file)
@@ -23,6 +23,15 @@ Security Fixes
   ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for
   bringing this vulnerability to our attention. :gl:`#4152`
 
+- Previously, it was possible to remotely trigger a use-after-free error
+  in the DNS-over-TLS transport code, specifically in the code
+  responsible for sending data to the remote peer. This has been fixed.
+  (CVE-2023-4236)
+
+  ISC would like to thank Robert Story from USC/ISI Root Server
+  Operations for bringing this vulnerability to our attention.
+  :gl:`#4242`
+
 New Features
 ~~~~~~~~~~~~
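Review bot: The added Security Fixes bullet ends at "This has been fixed." without saying what the use-after-free results in or which configurations reach the sending code. Suggest one more sentence stating the observable effect and whether only servers with DNS-over-TLS enabled are affected, so operators can prioritise the upgrade from the release note alone.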