bind is vulnerable to denial of service (DoS) attacks. The vulnerability exists as ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
advisories.mageia.org/MGASA-2014-0524.html
cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc
kb.juniper.net/InfoCenter/index?page=content&id=JSA10676
lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html
lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
marc.info/?l=bugtraq&m=142180687100892&w=2
marc.info/?l=bugtraq&m=144000632319155&w=2
rhn.redhat.com/errata/RHSA-2016-0078.html
secunia.com/advisories/62064
secunia.com/advisories/62122
security.gentoo.org/glsa/glsa-201502-03.xml
securitytracker.com/id?1031311
ubuntu.com/usn/usn-2437-1
www.debian.org/security/2014/dsa-3094
www.kb.cert.org/vuls/id/264212
www.mandriva.com/security/advisories?name=MDVSA-2015:165
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/71590
access.redhat.com/security/updates/classification/#important
kb.isc.org/article/AA-01216/
rhn.redhat.com/errata/RHSA-2014-1984.html
support.apple.com/HT205219