From 5fa73dbdf03aeb2bcb751dd06a56f034b5cbe759 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 5 Jul 2018 20:48:26 -0700 Subject: [PATCH] CHANGES, release note (cherry picked from commit 9c492aba65c178f30baafeb5502013f95a9d5b9a) (cherry picked from commit ecb90158b6e457496922666f56c3f8f7cb3143d4) --- CHANGES | 4 ++++ doc/arm/notes.xml | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 750b6001a7..c333cf7066 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4997. [security] named could crash during recursive processing + of DNAME records when "deny-answer-aliases" was + in use. (CVE-2018-5740) [GL #387] + --- 9.11.4 released --- --- 9.11.4rc2 released --- diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 220a20e696..7b7475b58f 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -76,6 +76,13 @@
Security Fixes + + + named could crash during recursive processing + of DNAME records when deny-answer-aliases was + in use. This flaw is disclosed in CVE-2018-5740. [GL #387] + + When recursion is enabled but the allow-recursion