The bug had been discovered in the most recent releases of BIND 9 and had the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.
ISC says that no intentional exploitation of the bug has been observed in the wild. The existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability.
The vulnerability Versions affected BIND 9.6-ESV-R9, 9.8.5, and 9.9.3.
ISC recommends to upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://ftp.isc.org/isc/bind9