Corrective updates to the BIND 9.14.3, 9.11.8, and 9.12.4-P2 stable branches of the DNS server, as well as the 9.15.1 experimental branch in development. At the same time, it announced the termination of further support for the 9.12 branch, for which updates will no longer be released.
The updates are notable for the elimination () that allows you to cause a denial of service (terminating the process with an assertion REQUIRE). The problem is caused by a race condition that occurs when processing a very large number of specially crafted incoming packets that match the block filter. To exploit the vulnerability, an attacker must send a large number of queries to the victim's resolver, which will cause the attacker's DNS server to be contacted and return incorrect responses.
Source: opennet.ru