From: Evan Hunt <each@isc.org>
Date: Fri, 6 Jul 2018 03:48:26 +0000 (-0700)
Subject: CHANGES, release note
X-Git-Tag: v9.11.4-P1~2^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=5fa73dbdf03aeb2bcb751dd06a56f034b5cbe759;p=thirdparty%2Fbind9.git

CHANGES, release note

(cherry picked from commit 9c492aba65c178f30baafeb5502013f95a9d5b9a)
(cherry picked from commit ecb90158b6e457496922666f56c3f8f7cb3143d4)
---

diff --git a/CHANGES b/CHANGES
index 750b6001a7b..c333cf70664 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4997.	[security]	named could crash during recursive processing
+			of DNAME records when "deny-answer-aliases" was
+			in use. (CVE-2018-5740) [GL #387]
+
 	--- 9.11.4 released ---
 
 	--- 9.11.4rc2 released ---
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 220a20e696d..7b7475b58f0 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -76,6 +76,13 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>named</command> could crash during recursive processing
+	  of DNAME records when <command>deny-answer-aliases</command> was
+	  in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  When recursion is enabled but the <command>allow-recursion</command>