CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected] 2026/06/26 02:31:25

Modified files:
        usr.sbin/nsd   : nsd.conf.5.in options.c options.h rdata.c 
                         server.c 

Log message:
Fix CVE-2026-12244, CVE-2026-12245, CVE-2026-12246 and CVE-2026-12490

- CVE-2026-12244: A specially crafted SVCB RR can cause a heap
overflow of up to 65509 attacker controlled bytes.
- CVE-2026-12245: If NSD is configured with DNS over TLS, a
client that performs a TLS action, closing the connection early,
causes a crash and restart of the server process. An attacker can
keep all children in a crash-restart loop denying DoT service.
- CVE-2026-12246: The RR type APL rdata address, if too large,
causes out of bounds write on the stack, when the zonefile is written
out.
- CVE-2026-12490: Secondaries authenticated by a client
certificate to transfer a zone over TLS, can bypass verification by
transferring over TCP.

OK sthen

Reply via email to