Internet Systems Consortium (ISC) announced the release of the BIND 9.6.1-P3 security patch to address two cache poisoning vulnerabilities, "both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid."

CVE-2010-0097: Low severity
CVE-2009-4022: Medium severity

You can download BIND 9.6.1-P3 from:

ftp://ftp.isc.org/isc/bind9/9.6.1-P3/bind-9.6.1-P3.tar.gz
ftp://ftp.isc.org/isc/bind9/9.6.1-P3/BIND9.6.1-P3.zip (binary kit for Windows XP/2003/2008)

 -- Lenny

Lenny Zeltser - Security Consulting
Lenny teaches malware analysis at SANS Institute. You can find him on Twitter.