From dd0e3b021322bae4aba621f05b1c0ffbb17df2c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 22 Jun 2021 12:33:50 +0200 Subject: [PATCH] Add CHANGES and release notes for [GL #2787] --- CHANGES | 3 +++ doc/notes/notes-current.rst | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 5a036e684b..fae091bf04 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5663. [bug] Properly handle non-zero OPCODEs when receiving the + queries over DoT and DoH channels. [GL #2787] + 5662. [bug] Views with recursion disabled are now configured with a default cache size of 2 MB, unless "max-cache-size" is explicitly set. This prevents cache RBT hash tables from diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 6e46da2b39..ced974c1f0 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -14,7 +14,11 @@ Notes for BIND 9.17.15 Security Fixes ~~~~~~~~~~~~~~ -- None. +- Sending non-zero opcode via DoT or DoH channels would trigger an assertion + failure in ``named``. This has been fixed. + + ISC would like to thank Ville Heikkila of Synopsys Cybersecurity Research + Center for responsibly disclosing the vulnerability to us. :gl:`#2787` Known Issues ~~~~~~~~~~~~ @@ -58,4 +62,4 @@ Bug Fixes - A deadlock at startup was introduced when fixing :gl:`#1875` because when locking key files for reading and writing, "in-view" logic was not taken into - account. This has been fixed. [GL #2783] + account. This has been fixed. :gl:`#2783`
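Review bot: In the CHANGES hunk, entry 5663 is tagged [bug], while the notes-current.rst hunk of this same patch files the change under "Security Fixes" and describes an assertion failure in ``named``. The two should agree. Mark the entry as a security fix and state the consequence (the assertion failure), so that someone reading only CHANGES can tell a crash was fixed rather than a parsing nicety. As a smaller wording point, "when receiving the queries over DoT and DoH channels" reads better as "when receiving queries over DoT and DoH channels".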
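Review bot: In the "Security Fixes" hunk of doc/notes/notes-current.rst, the new entry carries no CVE or advisory identifier, only :gl:`#2787` at the end of the acknowledgement paragraph. If an identifier was assigned, cite it in the first sentence so operators can match the note against advisories and scanner output. The first sentence is also missing its object: "Sending non-zero opcode via DoT or DoH channels" would be clearer as "Sending a query with a non-zero opcode via DoT or DoH channels".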
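Review bot: The last hunk of doc/notes/notes-current.rst (the "Bug Fixes" entry) changes "[GL #2783]" to :gl:`#2783`, which is unrelated to the subject line "Add CHANGES and release notes for [GL #2787]". The markup fix itself looks right, since it matches the :gl: role used elsewhere in the file, but it should either be mentioned in the commit message or go in its own commit so the history for #2783 and #2787 stays separable.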