Backported upstream patch for remote DoS flaw - CVE-2009-0696 Fixed upstream in: 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 https://www.isc.org/node/474 http://www.kb.cert.org/vuls/id/725188 --- bind-9.3.4-P1/bin/named/update.c.orig 2006-01-06 01:01:42.000000000 +0100 +++ bind-9.3.4-P1/bin/named/update.c 2009-07-29 10:38:12.000000000 +0200 @@ -859,7 +859,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /*