Add CHANGES and release notes for [GL #3619]

author Aram Sargsyan <aram@isc.org>

Mon, 14 Nov 2022 12:30:49 +0000 (12:30 +0000)

committer Michał Kępień <michal@isc.org>

Thu, 12 Jan 2023 11:43:32 +0000 (12:43 +0100)
author Aram Sargsyan <aram@isc.org>
Mon, 14 Nov 2022 12:30:49 +0000 (12:30 +0000)
committer Michał Kępień <michal@isc.org>
Thu, 12 Jan 2023 11:43:32 +0000 (12:43 +0100)
diff --git a/CHANGES b/CHANGES

index e9d3c8ac451a049f2d53e83b2455c1740777714b..375dea546febf1ef061dde84e6d187931e27a55a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,5 @@
-6067.  [placeholder]
+6067.  [security]      Fix serve-stale crash when recursive clients soft quota
+                       is reached. (CVE-2022-3924) [GL #3619]
  
  6066.  [security]      Handle RRSIG lookups when serve-stale is active.
                         (CVE-2022-3736) [GL #3622]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 53f5cd4533e6c1d286acf6e7b40434722c00e81a..3d44ce706736ddbd093b8ba49ece50e98ac32cd7 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -32,6 +32,15 @@ Security Fixes
    Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
    our attention. :gl:`#3622`
  
+- :iscman:`named` running as a resolver with the
+  :any:`stale-answer-client-timeout` option set to any value greater
+  than ``0`` could crash with an assertion failure, when the
+  :any:`recursive-clients` soft quota was reached. This has been fixed.
+  (CVE-2022-3924)
+
+  ISC would like to thank Maksym Odinintsev from AWS for bringing this
+  vulnerability to our attention. :gl:`#3619`
+
  New Features
  ~~~~~~~~~~~~
author	Aram Sargsyan <aram@isc.org>
	Mon, 14 Nov 2022 12:30:49 +0000 (12:30 +0000)
committer	Michał Kępień <michal@isc.org>
	Thu, 12 Jan 2023 11:43:32 +0000 (12:43 +0100)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history