bringing this vulnerability to our attention. [GL #2540]
</para>
</listitem>
+ <listitem>
+ <para>
+ When a server's configuration set the
+ <command>tkey-gssapi-keytab</command> or
+ <command>tkey-gssapi-credential</command> option, a specially crafted
+ GSS-TSIG query could cause a buffer overflow in the ISC implementation
+ of SPNEGO (a protocol enabling negotiation of the security mechanism
+ used for GSSAPI authentication). This flaw could be exploited to crash
+ <command>named</command> binaries compiled for 64-bit platforms, and
+ could enable remote code execution when <command>named</command> was
+ compiled for 32-bit platforms. (CVE-2021-25216)
+ </para>
+ <para>
+ This vulnerability was reported to us as ZDI-CAN-13347 by Trend Micro
+ Zero Day Initiative. [GL #2604]
+ </para>
+ </listitem>
</itemizedlist>
</section>
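Review bot: The first added paragraph, ending in "(CVE-2021-25216)", describes the trigger and the impact but never says what operators should do about it. A reader with tkey-gssapi-keytab or tkey-gssapi-credential set learns that named can crash on 64-bit builds and may allow remote code execution on 32-bit builds, but not whether this release removes the exposure. Suggest adding one closing sentence before the CVE reference that states the outcome of the change, with wording taken from the accompanying code commit. Separately, "When a server's configuration set the ... option" names two options joined by "or" and reads awkwardly; "When a server was configured with either the ... or ... option" would scan better.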