upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 10:29:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add CHANGES and release note for [GL #4481]

Browse source 
(cherry picked from commit 3e4babc58e1ed169a25ae9083f8f3c7d3e8389a3)
This commit is contained in:
Ondřej Surý 2024-01-19 21:11:32 +01:00 committed by Nicki Křížek
parent 964891a794
commit 41eb89503c
No known key found for this signature in database
GPG key ID: 01623B9B652A20A7
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,3 +1,8 @@
6399. [security] Malicious DNS client that sends many queries over
TCP but never reads responses can cause server to
respond slowly or not respond at all for other
clients. (CVE-2024-0760) [GL #4481]
6398. [bug] Fix potential data races in our DoH implementation
related to HTTP/2 session object management and
endpoints set object management after reconfiguration.

4
doc/notes/notes-current.rst
View file

@ -15,6 +15,10 @@ Notes for BIND 9.18.28
Security Fixes
~~~~~~~~~~~~~~
- Malicious DNS client that sends many queries over TCP but never reads
responses can cause server to respond slowly or not respond at all for other
clients. :cve:`2024-0760` :gl:`#4481`
- Named could trigger an assertion failure when looking up the NS
records of parent zones as part of looking up DS records. This
has been fixed. :gl:`#4661`