The Internet Systems Consortium (ISC) has shipped a patch to cover a severe cache poisoning vulnerability for BIND 9 users who have DNSSEC validation turned on. The vulnerability is rated as medium risk, but this is not currently a risk for many BIND users. BIND9 users should upgrade to one of the following: 9.4-P4, 9.5.2-P1 or 9.6-P2. There are no fixes available for versions 9.0 through 9.3, as those releases are at end-of-life, ISC said.
Source: https://threatpost.com/isc-bind-9-haunted-cache-poisoning-flaw-120309/73200/