Ubuntu Security Notice 3259-1 - It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. Various other issues were also addressed.
e0a0e188df74112ab2a5202c03048a265df98295b15a73fdf2ea5b6597bc2f95