git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Add CHANGES and release note for [GL #4055]
author Ondřej Surý <ondrej@isc.org>
Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)
committer Michal Nowak <mnowak@isc.org>
Thu, 8 Jun 2023 09:54:43 +0000 (11:54 +0200)
CHANGES
doc/notes/notes-current.rst

diff --git a/CHANGES b/CHANGES
index 1d225c08ee7a3fe4370ce72bc9b6f8a0e6d2a28d..221e59f7a3aff474bfb8c9684b32008e70b13b6b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6190.  [security]      Improve the overmem cleaning process to prevent the
+                       cache going over the configured limit. (CVE-2023-2828)
+                       [GL #4055]
+
 6183.  [bug]           Fix a serve-stale bug where a delegation from cache
                        could be returned to the client. [GL #3950]
 
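Review bot: The new 6190 entry promises more than the release note in the same commit does. It says the change will "prevent the cache going over the configured limit", while the note in doc/notes/notes-current.rst only says it prevents the cache from "significantly exceeding" it. Please align the two wordings so an operator reading CHANGES does not assume a hard cap, and name the option (``max-cache-size``) here as the release note does, since "the configured limit" alone is ambiguous. Also confirm that the jump in numbering from 6183 to 6190 is intended for this branch.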
index 1cd8c68f6f68d7f79506b07c7d0c3316c521c175..a44c0c516d62b652846e85f8343edaabd2f12c4d 100644 (file)
@@ -15,7 +15,14 @@ Notes for BIND 9.16.42
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured ``max-cache-size`` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`
 
 New Features
 ~~~~~~~~~~~~
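Review bot: The added Security Fixes bullet names the mechanism (overmem cleaning) and the option (``max-cache-size``) but does not say what exceeding the limit means for an operator, or whether any configuration change is needed after upgrading. One sentence on the impact and on the required action (or that none is required) would let readers triage CVE-2023-2828 from the note alone. Two style points in the same bullet: the comma after "improved" is unnecessary, and the acknowledgement repeats "from Tel-Aviv University" three times where the three names could share one affiliation.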