The Berkeley Internet Name Domain (BIND) is an implementation of the DomainName System (DNS) protocols. BIND includes a DNS server (named); a resolverlibrary (routines for applications to use when interfacing with DNS); andtools for verifying that the DNS server is operating correctly.It was discovered that named did not invalidate previously cached RRSIGrecords when adding an NCACHE record for the same entry to the cache. Aremote attacker allowed to send recursive DNS queries to named could usethis flaw to crash named. (CVE-2010-3613)A flaw was found in the DNSSEC validation code in named. If named hadmultiple trust anchors configured for a zone, a response to a request for arecord in that zone with a bad signature could cause named to crash.(CVE-2010-3762)It was discovered that, in certain cases, named did not properly performDNSSEC validation of an NS RRset for zones in the middle of a DNSKEYalgorithm rollover. This flaw could cause the validator to incorrectlydetermine that the zone is insecure and not protected by DNSSEC.(CVE-2010-3614)All BIND users are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues. After installing theupdate, the BIND daemon (named) will be restarted automatically.