From: Evan Hunt Date: Thu, 9 May 2019 17:53:18 +0000 (-0700) Subject: CHANGES, release note X-Git-Tag: v9.15.2~46^2~1^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=f1b9bd6f079ae30c0cd543dcce00e4dff3352201;p=thirdparty%2Fbind9.git CHANGES, release note --- diff --git a/CHANGES b/CHANGES index 4b93b761a0c..d09f3a94786 100644 --- a/CHANGES +++ b/CHANGES @@ -28,7 +28,10 @@ 5245. [cleanup] Reduce logging level for IXFR up-to-date poll responses. [GL #1009] -5244. [placeholder] +5244. [security] Fixed a race condition in dns_dispatch_getnext() + that could cause an assertion failure if a + significant number of incoming packets were + rejected. (CVE-2019-6471) [GL #942] 5243. [bug] Fix a possible race between dispatcher and socket code in a high-load cold-cache resolver scenario. diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 8d09e129868..6d897437ba8 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -97,7 +97,15 @@ The TCP client quota set using the tcp-clients option could be exceeded in some cases. This could lead to - exhaustion of file descriptors. (CVE-2018-5743) [GL #615] + exhaustion of file descriptors. This flaw is disclosed in + CVE-2018-5743. [GL #615] + + + + + A race condition could trigger an assertion failure when + a large number of incoming packets were being rejected. + This flaw is disclosed in CVE-2019-6471. [GL #942]