From: Evan Hunt <each@isc.org>
Date: Wed, 31 May 2023 19:47:31 +0000 (-0700)
Subject: CHANGES and release notes for [GL #4089]
X-Git-Tag: v9.18.16~3^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=10ac503a94ee5384f68325d50dd90eaf03d41912;p=thirdparty%2Fbind9.git

CHANGES and release notes for [GL #4089]
---

diff --git a/CHANGES b/CHANGES
index b34478bf5c5..9bcfe6270f9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+6192.	[security]	A query that prioritizes stale data over lookup
+			triggers a fetch to refresh the stale data in cache.
+			If the fetch is aborted for exceeding the recursion
+			quota, it was possible for 'named' to enter an infinite
+			callback loop and crash due to stack overflow. This has
+			been fixed. (CVE-2023-2911) [GL #4089]
+
 6190.	[security]	Improve the overmem cleaning process to prevent the
 			cache going over the configured limit. (CVE-2023-2828)
 			[GL #4055]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 78c3c048e26..3c706ebe986 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -24,6 +24,12 @@ Security Fixes
   and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
   our attention.  :gl:`#4055`
 
+- A query that prioritizes stale data over lookup triggers a fetch to refresh
+  the stale data in cache. If the fetch is aborted for exceeding the recursion
+  quota, it was possible for :iscman:`named` to enter an infinite callback
+  loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911)
+  :gl:`#4089`
+
 New Features
 ~~~~~~~~~~~~