upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-15 01:10:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add release note for [GL #4125]

Browse source 
(cherry picked from commit 58a8de5246)
This commit is contained in:
Ondřej Surý 2023-08-21 15:15:26 +02:00
parent 3f4d9f739c
commit 034a63c1f3
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/notes/notes-current.rst
View file

@ -38,15 +38,19 @@ Feature Changes
Bug Fixes
~~~~~~~~~
- None.
- The value of If-Modified-Since header in statistics channel was not checked
for length leading to possible buffer overflow by an authorized user. We
would like to emphasize that statistics channel must be properly setup to
allow access only from authorized users of the system. :gl:`#4124`
This was reported independently by Eric Sesterhenn of X41 D-SEC and Cameron
Whitehead.
This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
Cameron Whitehead.
- The value of Content-Length header in statistics channel was not bound checked
and negative or large enough value could lead to overflow and assertion failure.
:gl:`#4125`
This issue was reported by Eric Sesterhenn of X41 D-SEC.
Known Issues
~~~~~~~~~~~~