CVE-2009-0696: By sending a specially-crafted dynamic update packet to a
BIND 9 server, a remote, unauthenticated attacker can cause a denial of
service by causing BIND to crash.

--- bind/bin/named/update.c
+++ bind/bin/named/update.c
@@ -863,7 +863,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
 			if (type == dns_rdatatype_rrsig ||
 			    type == dns_rdatatype_sig)
 				covers = dns_rdata_covers(&t->rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
 				covers = 0;
 
 			/*