Multiple vulnerabilities were found in "EDNS", "managed-keys" and "Dynamically Loadable Zones" features of the Internet Systems Consortium (ISC) BIND software. A remote attacker could send specially crafted messages, make malicious queries or trigger DNS zone transfers to exploit the vulnerabilities.
Successful exploitation could lead to a denial of service condition or information disclosure on an affected system.
ISC has released the following patches to solve the problems:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.