Tweak and reword release notes

Michał Kępień 2026-03-13 21:33:25 +01:00
parent a6aae97118
commit 1a008b282a
No known key found for this signature in database

@ -15,8 +15,8 @@ Notes for BIND 9.20.21
Security Fixes
~~~~~~~~~~~~~~
- [CVE-2026-1519] Fix unbounded NSEC3 iterations when validating
referrals to unsigned delegations.
- Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. :cve:`2026-1519`
DNSSEC-signed zones may contain high iteration-count NSEC3 records,
which prove that certain delegations are insecure. Previously, a
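Review bot: The reworded summary writes the identifier as :cve:`2026-1519`, so the literal string "CVE-2026-1519" no longer appears anywhere in this entry's source. Please confirm that the :cve: role renders the full identifier including the "CVE-" prefix, and that anything searching the notes source for "CVE-" strings did not depend on the old bracketed form.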
@ -29,8 +29,8 @@ Security Fixes
ISC would like to thank Samy Medjahed/Ap4sh for bringing this
vulnerability to our attention. :gl:`#5708`
- [CVE-2026-3104] Fix memory leaks in code preparing DNSSEC proofs of
non-existence.
- Fix memory leaks in code preparing DNSSEC proofs of non-existence.
:cve:`2026-3104`
An attacker controlling a DNSSEC-signed zone could trigger a memory
leak in the logic preparing DNSSEC proofs of non-existence, by
@ -40,8 +40,8 @@ Security Fixes
ISC would like to thank Vitaly Simonovich for bringing this
vulnerability to our attention. :gl:`#5742`
- [CVE-2026-3119] Prevent a crash in code processing queries containing
a TKEY record.
- Prevent a crash in code processing queries containing a TKEY record.
:cve:`2026-3119`
The :iscman:`named` process could terminate unexpectedly when
processing a correctly signed query containing a TKEY record. This has
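Review bot: The reworded summary line still omits the precondition that the description right below it states, namely that the query must be correctly signed. Since the summary is being rewritten anyway, consider "Prevent a crash in code processing correctly signed queries containing a TKEY record." so that readers triaging from the summary alone see that precondition.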
@ -50,8 +50,8 @@ Security Fixes
ISC would like to thank Vitaly Simonovich for bringing this
vulnerability to our attention. :gl:`#5748`
- [CVE-2026-3591] Fix a stack use-after-return flaw in SIG(0) handling
code.
- Fix a stack use-after-return flaw in SIG(0) handling code.
:cve:`2026-3591`
A stack use-after-return flaw in SIG(0) handling code could enable ACL
bypass and/or assertion failures in certain circumstances. This flaw
@ -63,15 +63,13 @@ Security Fixes
Bug Fixes
~~~~~~~~~
- Resolve "key defined in view is not found"
- Fix the handling of :namedconf:ref:`key` statements defined inside
views.
Commit `2956e4fc` hardened the `key` name check when used in
`primaries` to reject the configuration if the key was not defined,
rather than simply checking whether the key name was correctly formed.
However, the key name check didn't include the view configuration,
causing keys not to be recognized if they were defined inside the view
and not at the global level. This regression is now fixed.
A recent change introduced in BIND 9.20.17 hardened the
:namedconf:ref:`key` name check when used in :any:`primaries`, to
immediately reject the configuration if the key was not defined
(rather than only checking whether the key name was correctly formed).
However, that change introduced a regression that prevented the use of
a :namedconf:ref:`key` defined in a view. This has now been fixed.
:gl:`#5761`
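Review bot: In the rewritten description, "introduced" appears in two consecutive sentences ("A recent change introduced in BIND 9.20.17" and "that change introduced a regression"), and "recent" adds nothing once the version is named. Suggest "A change in BIND 9.20.17 hardened ..." and "However, that change also prevented the use of a key defined in a view." Naming the release instead of the commit hash is the more useful reference for operators, so that part of the rewording should stay.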