Diffstat (limited to 'doc/notes')
-rw-r--r-- | doc/notes/notes-9.16.12.rst | 2
-rw-r--r-- | doc/notes/notes-9.16.15.rst | 6
-rw-r--r-- | doc/notes/notes-9.16.20.rst | 2
-rw-r--r-- | doc/notes/notes-9.16.22.rst | 2
-rw-r--r-- | doc/notes/notes-9.16.27.rst | 4
-rw-r--r-- | doc/notes/notes-9.16.3.rst | 6
-rw-r--r-- | doc/notes/notes-9.16.33.rst | 8
-rw-r--r-- | doc/notes/notes-9.16.37.rst | 6
-rw-r--r-- | doc/notes/notes-9.16.4.rst | 7
-rw-r--r-- | doc/notes/notes-9.16.42.rst | 4
-rw-r--r-- | doc/notes/notes-9.16.44.rst | 2
-rw-r--r-- | doc/notes/notes-9.16.45.rst | 26
-rw-r--r-- | doc/notes/notes-9.16.46.rst | 19
-rw-r--r-- | doc/notes/notes-9.16.47.rst | 20
-rw-r--r-- | doc/notes/notes-9.16.48.rst | 69
-rw-r--r-- | doc/notes/notes-9.16.6.rst | 13
16 files changed, 164 insertions, 32 deletions
diff --git a/doc/notes/notes-9.16.12.rst b/doc/notes/notes-9.16.12.rst index d236f5e..30e84cb 100644 --- a/doc/notes/notes-9.16.12.rst +++ b/doc/notes/notes-9.16.12.rst @@ -22,7 +22,7 @@ Security Fixes authentication). This flaw could be exploited to crash ``named``. Theoretically, it also enabled remote code execution, but achieving the latter is very difficult in real-world conditions. - (CVE-2020-8625) + :cve:`2020-8625` This vulnerability was responsibly reported to us as ZDI-CAN-12302 by Trend Micro Zero Day Initiative. :gl:`#2354` diff --git a/doc/notes/notes-9.16.15.rst b/doc/notes/notes-9.16.15.rst index 0cc0f49..a4b71c3 100644 --- a/doc/notes/notes-9.16.15.rst +++ b/doc/notes/notes-9.16.15.rst @@ -16,14 +16,14 @@ Security Fixes ~~~~~~~~~~~~~~ - A malformed incoming IXFR transfer could trigger an assertion failure - in ``named``, causing it to quit abnormally. (CVE-2021-25214) + in ``named``, causing it to quit abnormally. :cve:`2021-25214` ISC would like to thank Greg Kuechle of SaskTel for bringing this vulnerability to our attention. :gl:`#2467` - ``named`` crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client - query. (CVE-2021-25215) + query. :cve:`2021-25215` ISC would like to thank `Siva Kakarla`_ for bringing this vulnerability to our attention. :gl:`#2540` @@ -37,7 +37,7 @@ Security Fixes GSSAPI authentication). This flaw could be exploited to crash ``named`` binaries compiled for 64-bit platforms, and could enable remote code execution when ``named`` was compiled for 32-bit - platforms. (CVE-2021-25216) + platforms. :cve:`2021-25216` This vulnerability was reported to us as ZDI-CAN-13347 by Trend Micro Zero Day Initiative. :gl:`#2604` diff --git a/doc/notes/notes-9.16.20.rst b/doc/notes/notes-9.16.20.rst index b1ae9b2..1682f4b 100644 --- a/doc/notes/notes-9.16.20.rst +++ b/doc/notes/notes-9.16.20.rst 
@@ -17,7 +17,7 @@ Security Fixes - Fixed an assertion failure that occurred in ``named`` when it attempted to send a UDP packet that exceeded the MTU size, if - Response Rate Limiting (RRL) was enabled. (CVE-2021-25218) :gl:`#2856` + Response Rate Limiting (RRL) was enabled. :cve:`2021-25218` :gl:`#2856` - ``named`` failed to check the opcode of responses when performing zone refreshes, stub zone updates, and UPDATE forwarding. This could lead diff --git a/doc/notes/notes-9.16.22.rst b/doc/notes/notes-9.16.22.rst index 3403ee6..5356099 100644 --- a/doc/notes/notes-9.16.22.rst +++ b/doc/notes/notes-9.16.22.rst @@ -26,7 +26,7 @@ Security Fixes that has a negligible impact on resolver performance while also preventing abuse. Administrators may observe more traffic towards servers issuing certain types of broken responses than in previous - BIND 9 releases, depending on client query patterns. (CVE-2021-25219) + BIND 9 releases, depending on client query patterns. :cve:`2021-25219` ISC would like to thank Kishore Kumar Kothapalli of Infoblox for bringing this vulnerability to our attention. :gl:`#2899` diff --git a/doc/notes/notes-9.16.27.rst b/doc/notes/notes-9.16.27.rst index 842a1c4..a319f52 100644 --- a/doc/notes/notes-9.16.27.rst +++ b/doc/notes/notes-9.16.27.rst @@ -17,7 +17,7 @@ Security Fixes - The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records - outside the configured bailiwick. (CVE-2021-25220) + outside the configured bailiwick. :cve:`2021-25220` ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University, and 
@@ -26,7 +26,7 @@ Security Fixes - TCP connections with ``keep-response-order`` enabled could leave the TCP sockets in the ``CLOSE_WAIT`` state when the client did not - properly shut down the connection. (CVE-2022-0396) :gl:`#3112` + properly shut down the connection. :cve:`2022-0396` :gl:`#3112` Feature Changes ~~~~~~~~~~~~~~~ diff --git a/doc/notes/notes-9.16.3.rst b/doc/notes/notes-9.16.3.rst index 773bfd8..c987921 100644 --- a/doc/notes/notes-9.16.3.rst +++ b/doc/notes/notes-9.16.3.rst @@ -20,11 +20,11 @@ Security Fixes request before aborting recursion has been further limited. Root and top-level domain servers are no longer exempt from the ``max-recursion-queries`` limit. Fetches for missing name server - address records are limited to 4 for any domain. This issue was - disclosed in CVE-2020-8616. :gl:`#1388` + address records are limited to 4 for any domain. :cve:`2020-8616` + :gl:`#1388` - Replaying a TSIG BADTIME response as a request could trigger an - assertion failure. This was disclosed in CVE-2020-8617. :gl:`#1703` + assertion failure. :cve:`2020-8617` :gl:`#1703` Known Issues ~~~~~~~~~~~~ diff --git a/doc/notes/notes-9.16.33.rst b/doc/notes/notes-9.16.33.rst index 876aab8..6e152b5 100644 --- a/doc/notes/notes-9.16.33.rst +++ b/doc/notes/notes-9.16.33.rst @@ -18,7 +18,7 @@ Security Fixes - Previously, there was no limit to the number of database lookups performed while processing large delegations, which could be abused to severely impact the performance of :iscman:`named` running as a - recursive resolver. This has been fixed. (CVE-2022-2795) + recursive resolver. This has been fixed. :cve:`2022-2795` ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr & Shani Stajnrod from Reichman University for bringing 
@@ -27,14 +27,14 @@ Security Fixes - :iscman:`named` running as a resolver with the ``stale-answer-client-timeout`` option set to ``0`` could crash with an assertion failure, when there was a stale CNAME in the cache for - the incoming query. This has been fixed. (CVE-2022-3080) :gl:`#3517` + the incoming query. This has been fixed. :cve:`2022-3080` :gl:`#3517` - A memory leak was fixed that could be externally triggered in the - DNSSEC verification code for the ECDSA algorithm. (CVE-2022-38177) + DNSSEC verification code for the ECDSA algorithm. :cve:`2022-38177` :gl:`#3487` - Memory leaks were fixed that could be externally triggered in the - DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) + DNSSEC verification code for the EdDSA algorithm. :cve:`2022-38178` :gl:`#3487` Feature Changes diff --git a/doc/notes/notes-9.16.37.rst b/doc/notes/notes-9.16.37.rst index 9b0393c..4d24781 100644 --- a/doc/notes/notes-9.16.37.rst +++ b/doc/notes/notes-9.16.37.rst @@ -19,14 +19,14 @@ Security Fixes available memory. This flaw was addressed by adding a new ``update-quota`` option that controls the maximum number of outstanding DNS UPDATE messages that :iscman:`named` can hold in a - queue at any given time (default: 100). (CVE-2022-3094) + queue at any given time (default: 100). :cve:`2022-3094` ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention. :gl:`#3523` - :iscman:`named` could crash with an assertion failure when an RRSIG query was received and ``stale-answer-client-timeout`` was set to a - non-zero value. This has been fixed. (CVE-2022-3736) + non-zero value. This has been fixed. :cve:`2022-3736` ISC would like to thank Borja Marcos from Sarenet (with assistance by Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to 
@@ -36,7 +36,7 @@ Security Fixes ``stale-answer-client-timeout`` option set to any value greater than ``0`` could crash with an assertion failure, when the ``recursive-clients`` soft quota was reached. This has been fixed. - (CVE-2022-3924) + :cve:`2022-3924` ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention. :gl:`#3619` diff --git a/doc/notes/notes-9.16.4.rst b/doc/notes/notes-9.16.4.rst index 6dd03f6..eb8c200 100644 --- a/doc/notes/notes-9.16.4.rst +++ b/doc/notes/notes-9.16.4.rst @@ -16,12 +16,11 @@ Security Fixes ~~~~~~~~~~~~~~ - It was possible to trigger an assertion when attempting to fill an - oversized TCP buffer. This was disclosed in CVE-2020-8618. - :gl:`#1850` + oversized TCP buffer. :cve:`2020-8618` :gl:`#1850` - It was possible to trigger an INSIST failure when a zone with an - interior wildcard label was queried in a certain pattern. This was - disclosed in CVE-2020-8619. :gl:`#1111` :gl:`#1718` + interior wildcard label was queried in a certain pattern. + :cve:`2020-8619` :gl:`#1111` :gl:`#1718` New Features ~~~~~~~~~~~~ diff --git a/doc/notes/notes-9.16.42.rst b/doc/notes/notes-9.16.42.rst index 85b0ede..423ddfa 100644 --- a/doc/notes/notes-9.16.42.rst +++ b/doc/notes/notes-9.16.42.rst @@ -17,7 +17,7 @@ Security Fixes - The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured ``max-cache-size`` limit. - (CVE-2023-2828) + :cve:`2023-2828` ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv @@ -28,7 +28,7 @@ Security Fixes refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for :iscman:`named` to enter an infinite callback loop and crash due to stack overflow. This has been - fixed. (CVE-2023-2911) :gl:`#4089` + fixed. :cve:`2023-2911` :gl:`#4089` Bug Fixes ~~~~~~~~~ 
diff --git a/doc/notes/notes-9.16.44.rst b/doc/notes/notes-9.16.44.rst index 81c157a..b43db5a 100644 --- a/doc/notes/notes-9.16.44.rst +++ b/doc/notes/notes-9.16.44.rst @@ -18,7 +18,7 @@ Security Fixes - Previously, sending a specially crafted message over the control channel could cause the packet-parsing code to run out of available stack memory, causing :iscman:`named` to terminate unexpectedly. - This has been fixed. (CVE-2023-3341) + This has been fixed. :cve:`2023-3341` ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention. :gl:`#4152` diff --git a/doc/notes/notes-9.16.45.rst b/doc/notes/notes-9.16.45.rst new file mode 100644 index 0000000..4f83e56 --- /dev/null +++ b/doc/notes/notes-9.16.45.rst @@ -0,0 +1,26 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.45 +---------------------- + +Feature Changes +~~~~~~~~~~~~~~~ + +- The IP addresses for B.ROOT-SERVERS.NET have been updated to + 170.247.170.2 and 2801:1b8:10::b. :gl:`#4101` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + <relnotes_known_issues>` for a list of all known issues affecting this + BIND 9 branch. diff --git a/doc/notes/notes-9.16.46.rst b/doc/notes/notes-9.16.46.rst new file mode 100644 index 0000000..b0af65a --- /dev/null +++ b/doc/notes/notes-9.16.46.rst 
@@ -0,0 +1,19 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.46 +---------------------- + +.. note:: + + The BIND 9.16.46 release was withdrawn after the discovery of a + regression in a security fix in it during pre-release testing. ISC + would like to acknowledge the assistance of Curtis Tuplin of SaskTel. diff --git a/doc/notes/notes-9.16.47.rst b/doc/notes/notes-9.16.47.rst new file mode 100644 index 0000000..bf39c3d --- /dev/null +++ b/doc/notes/notes-9.16.47.rst @@ -0,0 +1,20 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.47 +---------------------- + +.. note:: + + The BIND 9.16.47 release was withdrawn after the discovery of a + regression in a security fix in it during pre-release testing. ISC + would like to acknowledge the assistance of Vinzenz Vogel and Daniel + Stirnimann of SWITCH. diff --git a/doc/notes/notes-9.16.48.rst b/doc/notes/notes-9.16.48.rst new file mode 100644 index 0000000..917e551 --- /dev/null +++ b/doc/notes/notes-9.16.48.rst 
@@ -0,0 +1,69 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.48 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- Validating DNS messages containing a lot of DNSSEC signatures could + cause excessive CPU load, leading to a denial-of-service condition. + This has been fixed. :cve:`2023-50387` + + ISC would like to thank Elias Heftrig, Haya Schulmann, Niklas Vogel, + and Michael Waidner from the German National Research Center for + Applied Cybersecurity ATHENE for bringing this vulnerability to our + attention. :gl:`#4424` + +- Preparing an NSEC3 closest encloser proof could cause excessive CPU + load, leading to a denial-of-service condition. This has been fixed. + :cve:`2023-50868` :gl:`#4459` + +- Parsing DNS messages with many different names could cause excessive + CPU load. This has been fixed. :cve:`2023-4408` + + ISC would like to thank Shoham Danino from Reichman University, Anat + Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv + University, and Yuval Shavitt from Tel-Aviv University for bringing + this vulnerability to our attention. :gl:`#4234` + +- Specific queries could cause :iscman:`named` to crash with an + assertion failure when ``nxdomain-redirect`` was enabled. This has + been fixed. :cve:`2023-5517` :gl:`#4281` + +- A bad interaction between DNS64 and serve-stale could cause + :iscman:`named` to crash with an assertion failure, when both of these + features were enabled. This has been fixed. 
:cve:`2023-5679` + :gl:`#4334` + +- Query patterns that continuously triggered cache database maintenance + could cause an excessive amount of memory to be allocated, exceeding + ``max-cache-size`` and potentially leading to all available memory on + the host running :iscman:`named` being exhausted. This has been fixed. + :cve:`2023-6516` + + ISC would like to thank Infoblox for bringing this vulnerability to + our attention. :gl:`#4383` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Support for using AES as the DNS COOKIE algorithm (``cookie-algorithm + aes;``) has been deprecated and will be removed in a future release. + Please use the current default, SipHash-2-4, instead. :gl:`#4421` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + <relnotes_known_issues>` for a list of all known issues affecting this + BIND 9 branch. diff --git a/doc/notes/notes-9.16.6.rst b/doc/notes/notes-9.16.6.rst index 1357f1d..75cee14 100644 --- a/doc/notes/notes-9.16.6.rst +++ b/doc/notes/notes-9.16.6.rst @@ -16,7 +16,7 @@ Security Fixes ~~~~~~~~~~~~~~ - It was possible to trigger an assertion failure by sending a specially - crafted large TCP DNS message. This was disclosed in CVE-2020-8620. + crafted large TCP DNS message. :cve:`2020-8620` ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for bringing this vulnerability to our attention. :gl:`#1996` 
@@ -25,14 +25,13 @@ Security Fixes query resolution scenarios where QNAME minimization and forwarding were both enabled. To prevent such crashes, QNAME minimization is now always disabled for a given query resolution process, if forwarders - are used at any point. This was disclosed in CVE-2020-8621. + are used at any point. :cve:`2020-8621` ISC would like to thank Joseph Gullo for bringing this vulnerability to our attention. :gl:`#1997` - It was possible to trigger an assertion failure when verifying the - response to a TSIG-signed request. This was disclosed in - CVE-2020-8622. + response to a TSIG-signed request. :cve:`2020-8622` ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham of Oracle for bringing this vulnerability to our attention. @@ -40,8 +39,8 @@ Security Fixes - When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits - in the PKCS#11 RSA public key with a specially crafted packet. This - was disclosed in CVE-2020-8623. + in the PKCS#11 RSA public key with a specially crafted packet. + :cve:`2020-8623` ISC would like to thank Lyu Chiy for bringing this vulnerability to our attention. :gl:`#2037` @@ -50,7 +49,7 @@ Security Fixes as ``zonesub`` rules, which allowed keys used in ``subdomain`` rules to update names outside of the specified subdomains. The problem was fixed by making sure ``subdomain`` rules are again processed as - described in the ARM. This was disclosed in CVE-2020-8624. + described in the ARM. :cve:`2020-8624` ISC would like to thank Joop Boonen of credativ GmbH for bringing this vulnerability to our attention. :gl:`#2055` |
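
Review bot: Every hunk that swaps a "(CVE-YYYY-NNNN)" parenthetical for the ``:cve:`` role depends on that role being defined for this branch's documentation build, and this view is limited to doc/notes, so the definition is not among the visible lines. Please confirm the role is registered on this branch before merging, since docutils reports an unknown interpreted text role as an error and the CVE identifiers in these security entries would not render.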
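
Review bot: In notes-9.16.48.rst the "Removed Features" heading does not match its only entry, which says support for ``cookie-algorithm aes;`` "has been deprecated and will be removed in a future release". Either move the entry under a heading that says it is a deprecation, or reword the entry if the setting is actually rejected in this release, so an operator who still configures AES cookies can tell whether the configuration keeps loading after the upgrade.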
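
Review bot: The withdrawal notes added in notes-9.16.46.rst and notes-9.16.47.rst do not tell the reader which release to use instead, and "a regression in a security fix in it during pre-release testing" is hard to parse. Suggest wording along the lines of "was withdrawn after pre-release testing found a regression in one of its security fixes", followed by a pointer to the notes for the next published release, so that someone landing on either page is not left guessing whether the branch has a usable fixed version.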
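
Review bot: The B.ROOT-SERVERS.NET entry in notes-9.16.45.rst states the new addresses (170.247.170.2 and 2801:1b8:10::b) but not where they were updated or what they replace. Please say which data the change touches, so operators who maintain their own copy of that data know whether upgrading is sufficient or whether they have to change it themselves.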