+6192. [security] A query that prioritizes stale data over lookup
+ triggers a fetch to refresh the stale data in cache.
+ If the fetch is aborted for exceeding the recursion
+ quota, it was possible for 'named' to enter an infinite
+ callback loop and crash due to stack overflow. This has
+ been fixed. (CVE-2023-2911) [GL #4089]
+
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
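Review bot: The new 6192 entry describes the trigger only as "a query that prioritizes stale data over lookup" and does not name the configuration that selects that behaviour, so an operator reading CHANGES cannot tell from this text whether a given server is exposed. Suggest naming the relevant option(s) in the entry. Separately, 6192 is added directly above 6190 with no 6191 in the visible context; please confirm that number is reserved or already present elsewhere so the sequence is not left with an unexplained gap.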
and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
our attention. :gl:`#4055`
+- A query that prioritizes stale data over lookup triggers a fetch to refresh
+ the stale data in cache. If the fetch is aborted for exceeding the recursion
+ quota, it was possible for :iscman:`named` to enter an infinite callback
+ loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911)
+ :gl:`#4089`
+
New Features
~~~~~~~~~~~~
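Review bot: The release-note bullet for CVE-2023-2911 repeats the CHANGES wording but, unlike the :gl:`#4055` entry just above it, carries no acknowledgement sentence. If the issue was reported externally, add the credit in the same form; if it was found internally, no change is needed on that point. Since release notes are what operators read when deciding how urgently to upgrade, it would also help to state here that the crash is reachable through the recursion quota being exceeded on a stale-data refresh and to say which settings put a server on that code path, rather than relying on "prioritizes stale data over lookup" alone.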