From aaeea046ed9d080a0ee4b8df2649ae6f103c6a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 21 Jul 2020 15:24:21 +0200 Subject: [PATCH] Add CHANGES and release note for GL #2037 --- CHANGES | 6 +++++- doc/notes/notes-current.rst | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index cabd1eac71..27cf14612f 100644 --- a/CHANGES +++ b/CHANGES @@ -14,7 +14,11 @@ 5481. [placeholder] -5480. [placeholder] +5480. [security] When BIND 9 was compiled with native PKCS#11 support, it + was possible to trigger an assertion failure in code + determining the number of bits in the PKCS#11 RSA public + key with a specially crafted packet. (CVE-2020-8623) + [GL #2037] 5479. [security] named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index f5fdc44bee..175a15b362 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -36,6 +36,14 @@ Security Fixes ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham of Oracle for bringing this vulnerability to our attention. [GL #2028] +- When BIND 9 was compiled with native PKCS#11 support, it was possible + to trigger an assertion failure in code determining the number of bits + in the PKCS#11 RSA public key with a specially crafted packet. This + was disclosed in CVE-2020-8623. + + ISC would like to thank Lyu Chiy for bringing this vulnerability to + our attention. [GL #2037] + Known Issues ~~~~~~~~~~~~