BIND, an implementation of the Domain Name System (DNS) protocols and one of the most widely used pieces of DNS software on the Internet, has reached version 9.9.4-P2. According to the developers of BIND, this is the last production version release in the 9.9 branch of the software.
ISC BIND 9.x before 9.7.6P1,
9.8.x before 9.8.3P1,
9.9.x before 9.9.1P1,
does not properly handle
resource records with a zerolength
RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or
obtain sensitive information from process memory via a crafted record.