Red Hat Security Advisory 2011-0845-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An off-by-one flaw was found in the way BIND processed negative responses with large resource record sets . An attacker able to send recursive queries to a BIND server that is configured as a caching resolver could use this flaw to cause named to exit with an assertion failure. Various other issues were also addressed.
fdd26d6be250c5e59d407805f2b6df7ae8325c4a142b01bfff30b9ddbfe7da6f