The Berkeley Internet Name Domain (BIND) is an implementation of the DomainName System (DNS) protocols. BIND includes a DNS server (named); a resolverlibrary (routines for applications to use when interfacing with DNS); andtools for verifying that the DNS server is operating correctly.A flaw was found in the way BIND handled zero length resource data records.A malicious owner of a DNS domain could use this flaw to createspecially-crafted DNS resource records that would cause a recursiveresolver or secondary server to crash or, possibly, disclose portions ofits memory. (CVE-2012-1667)A flaw was found in the way BIND handled the updating of cached name server(NS) resource records. A malicious owner of a DNS domain could use thisflaw to keep the domain resolvable by the BIND server even after thedelegation was removed from the parent DNS zone. With this update, BINDlimits the time-to-live of the replacement record to that of thetime-to-live of the record being replaced. (CVE-2012-1033)Users of bind are advised to upgrade to these updated packages, whichcorrect these issues. After installing the update, the BIND daemon (named)will be restarted automatically.