Errata overview
Errata ID 297
Date 2016-10-20
Source package bind9
Fixed in version 1:9.8.4.dfsg.P1-6+nmu2.124.201610152034
This update addresses the following issue:
* incorrect validation of DNSSEC-signed records in the Bind DNS server could
  result in denial of service (CVE-2015-5722)
* Responses with a malformed class attribute can trigger an assertion failure
  in db.c (CVE-2015-8000)
* Denial of service due to INSIST failure in apl_42.c triggered by specific
  APL RR data (CVE-2015-8704)
* Denial of service due to maliciously crafted rdnc command (CVE-2016-1285)
* Denial of service (crash) due to DNAME parsing error (CVE-2016-1286)
* buffer.c in named does not properly construct responses, which allows
  remote attackers to cause a denial of service (assertion failure and daemon
  exit) via a crafted query. (CVE-2016-2776)
Additional notes
CVE ID CVE-2015-5722
UCS Bug number #40319