Add CHANGES and release note for GL #1997

2026-06-09 15:19:59 -04:00 · 2020-07-10 14:14:07 -07:00 · 2020-07-10 14:14:07 -07:00 · a3e42f8599
commit a3e42f8599
parent 51c9ea98a3
2 changed files with 12 additions and 1 deletions
--- a/4
+++ b/4
@ -16,7 +16,9 @@

 5480.	[placeholder]

-5479.	[placeholder]
+5479.	[security]	named could crash in certain query resolution scenarios
+			where QNAME minimization and forwarding were both
+			enabled. (CVE-2020-8621) [GL #1997]

 5478.	[security]	It was possible to trigger an assertion failure by
 			sending a specially crafted large TCP DNS message.
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -20,6 +20,15 @@ Security Fixes
  ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for
  bringing this vulnerability to our attention. [GL #1996]

+- ``named`` could crash after failing an assertion check in certain
+  query resolution scenarios where QNAME minimization and forwarding
+  were both enabled. To prevent such crashes, QNAME minimization is now
+  always disabled for a given query resolution process, if forwarders
+  are used at any point. This was disclosed in CVE-2020-8621.
+
+  ISC would like to thank Joseph Gullo for bringing this vulnerability
+  to our attention. [GL #1997]
+
 Known Issues
 ~~~~~~~~~~~~