* A denial of service flaw was found in the way BIND handled a query
response containing CNAME or DNAME resource records in an unusual order. A
remote attacker could use this flaw to make named exit unexpectedly with
an assertion failure via a specially crafted DNS response. (CVE-2017-3137)
* A denial of service flaw was found in the way BIND handled query
requests when using DNS64 with "break-dnssec yes" option. A remote
attacker could use this flaw to make named exit unexpectedly with an
assertion failure via a specially crafted DNS request. (CVE-2017-3136)
--