CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345).