Errata overview
Errata ID 393
Date 2017-02-15
Source package bind9
Fixed in version 1:9.8.4.dfsg.P1-6+nmu2.126.201702061148
This update addresses the following issues:
* A crafted upstream response to an ANY query could cause an assertion
  failure (CVE-2016-9131)
* A crafted upstream response with self-contradicting DNSSEC data could cause
  an assertion failure (CVE-2016-9147)
* Specially-crafted upstream responses with a DS record could cause an
  assertion failure (CVE-2016-9444)
* A regression in the patch for CVE-2016-8864 has been fixed.
* A global default timeout of 60 seconds has been added to all LDAP queries
  to prevent a deadlock situation.
* Fixed generating debug symbols for bind9-dbg.
Additional notes
CVE ID CVE-2016-9131
UCS Bug number #43362