This update for bind fixes the following issues:
Fix a potential assertion failure that could have been triggered by a
malformed response to an ANY query, thereby facilitating a
denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699]
Fix a potential assertion failure that could have been triggered by
responding to a query with inconsistent DNSSEC information, thereby
facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701,
bsc#1018699]
Fix potential assertion failure that could have been triggered by DNS
responses that contain unusually-formed DS resource records,
facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702,
bsc#1018699]
Fixed ldapdump to use a temporary pseudo nameserver that conforms to
BIND’s expected syntax. Prior versions would not work correctly with an
LDAP backed DNS server. [bsc#965748]