Stabilising update for BIND DNS server
A critical vulnerability in BIND has threatened the stability of the DNS server. The problem was discovered while developers were testing experimental DNS record types, when they found it was possible to add records to BIND with zero length rdata fields.
Recursive servers were found to crash or disclose memory content to clients, while secondary servers could crash on restart if they had transferred a zone with these zero-length records. In certain circumstances, master servers could also corrupt zone data if "auto-dnssec" was set to "maintain".
There are currently no known active exploits, though the issue has been discussed on public mailing lists. There are also no known workarounds for the problem, but these are being investigated. The only option is to upgrade to the latest BIND versions, 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1 as appropriate; the source and Windows versions are available from the ISC Bind Download page.