Multiple vulnerabilities were found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to exit.
Both authoritative and recursive name servers are affected.
Successful exploitation could lead to a denial of service (DoS) condition on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/article/AA-01439
https://kb.isc.org/article/AA-01440
https://kb.isc.org/article/AA-01441
https://kb.isc.org/article/AA-01442
https://www.us-cert.gov/ncas/current-activity/2017/01/11/ISC-Releases-Security-Updates-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778