ASA-2019-00113 – BIND: Zone transfer controls for writable DLZ zones were not effective

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. A client exercising this defect can request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL.

ASA-2019-00112 – BIND: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.

ASA-2019-00111 – BIND: A specially crafted packet can cause named to leak memory

A failure to free memory can occur when processing messages having a specific combination of EDNS options. By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.