CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/26 02:31:25
Modified files:
usr.sbin/nsd : nsd.conf.5.in options.c options.h rdata.c
server.c
Log message:
Fix CVE-2026-12244, CVE-2026-12245, CVE-2026-12246 and CVE-2026-12490
- CVE-2026-12244: A specially crafted SVCB RR can cause a heap
  overflow of up to 65509 attacker-controlled bytes.
- CVE-2026-12245: If NSD is configured with DNS over TLS, a
  client that performs a TLS action, closing the connection early,
  causes a crash and restart of the server process. An attacker can
  keep all children in a crash-restart loop, denying DoT service.
- CVE-2026-12246: The RR type APL rdata address, if too large,
  causes an out-of-bounds write on the stack when the zonefile is
  written out.
- CVE-2026-12490: Secondaries authenticated by a client
  certificate to transfer a zone over TLS can bypass verification by
  transferring over TCP.
OK sthen
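
The CVE-2026-12246 entry above concerns an APL rdata address that is too large for the stack storage it is written to. As an added example (not NSD's code and not the committed fix), the following C function shows the length checks an APL item needs before its address is copied into a fixed buffer and rendered as text, using the RFC 3123 wire layout. The function name `apl_item_to_text` and the sample bytes are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Render one APL item (RFC 3123) as "[!]afi:address/prefix".
 * Returns the number of rdata bytes consumed, or -1 if the item is malformed.
 * Hypothetical helper for illustration; not a function from NSD. */
int apl_item_to_text(const uint8_t *rd, size_t rdlen, char *out, size_t outlen)
{
    uint8_t addr[16] = {0};             /* fixed stack buffer, sized for IPv6 */
    char text[INET6_ADDRSTRLEN];
    size_t addrsize;
    int af, n;

    if (rdlen < 4)                      /* family(2) prefix(1) N|afdlength(1) */
        return -1;
    unsigned family = ((unsigned)rd[0] << 8) | rd[1];
    unsigned prefix = rd[2];
    int negate = (rd[3] & 0x80) != 0;
    size_t afdlen = rd[3] & 0x7f;       /* 7-bit field: up to 127, well above 16 */

    switch (family) {
    case 1: af = AF_INET;  addrsize = 4;  break;
    case 2: af = AF_INET6; addrsize = 16; break;
    default: return -1;                 /* unknown family: size cannot be checked */
    }
    /* afdlength must fit the family's address size (and so the stack buffer)
     * and must not run past the end of the rdata. */
    if (afdlen > addrsize || afdlen > rdlen - 4 || prefix > addrsize * 8)
        return -1;

    memcpy(addr, rd + 4, afdlen);       /* trailing zero octets are omitted on the wire */
    if (inet_ntop(af, addr, text, sizeof(text)) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s%u:%s/%u", negate ? "!" : "", family, text, prefix);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* refuse to emit a truncated record */
    return (int)(4 + afdlen);
}

int main(void)
{
    const uint8_t sample[] = {0x00, 0x01, 24, 0x03, 192, 0, 2}; /* constructed input */
    char buf[64];
    if (apl_item_to_text(sample, sizeof(sample), buf, sizeof(buf)) > 0)
        puts(buf);
    return 0;
}
```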