The following flaw was found in PowerDNS Authoritative Server: A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, this causes an assertion error and consequent termination of the the pdns_server process, causing a Denial of Service. When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, it will be automatically restarted, limiting the impact to a somewhat degraded service. PowerDNS Authoritative Server 3.4.4 - 3.4.6 are affected. No other versions are affected. The PowerDNS Recursor is not affected. PowerDNS Authoritative Server 3.4.7 contains a fix to this issue.
Created pdns tracking bugs for this issue: Affects: fedora-all [bug 1279492] Affects: epel-all [bug 1279493]
Upstream patches: https://downloads.powerdns.com/patches/2015-03/ External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/
(In reply to Martin Prpic from comment #1) > Affects: epel-all [bug 1279493] Only EPEL-7 is affected.
pdns-3.4.7-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
pdns-3.4.7-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
pdns-3.4.7-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
pdns-3.4.7-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.