Add CHANGES and release note for [GL #4234]

author Ondřej Surý <ondrej@isc.org>

Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)

committer Michał Kępień <michal@isc.org>

Fri, 5 Jan 2024 10:50:23 +0000 (11:50 +0100)
author Ondřej Surý <ondrej@isc.org>
Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)
committer Michał Kępień <michal@isc.org>
Fri, 5 Jan 2024 10:50:23 +0000 (11:50 +0100)
diff --git a/CHANGES b/CHANGES

index d209c80678207ac69c29f376c068065047c41e8b..c537622cb8ddd26130ea63c73dcb802b1ba4f7e3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6315.  [security]      Speed up parsing of DNS messages with many different
+                       names. (CVE-2023-4408) [GL #4234]
+
  6314.  [bug]           Address race conditions in dns_tsigkey_find().
                         [GL #4182]
  
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index be1bc21a15052fc562e9ab2cafb77bee987fc79f..045c3c79db4914af2f72bbbc37c014bc040f2e5c 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,13 @@ Notes for BIND 9.18.22
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- Parsing DNS messages with many different names could cause excessive
+  CPU load. This has been fixed. :cve:`2023-4408`
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv
+  University, and Yuval Shavitt from Tel-Aviv University for bringing
+  this vulnerability to our attention. :gl:`#4234`
  
  New Features
  ~~~~~~~~~~~~
author	Ondřej Surý <ondrej@isc.org>
	Wed, 11 Oct 2023 07:15:13 +0000 (09:15 +0200)
committer	Michał Kępień <michal@isc.org>
	Fri, 5 Jan 2024 10:50:23 +0000 (11:50 +0100)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history