It was found that fix for CVE-2015-1868 was incomplete for PowerDNS: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Upstream released updated versions that fix this: http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/ Separate CVE has been assigned to this issue: http://seclists.org/oss-sec/2015/q3/85
Created pdns tracking bugs for this issue: Affects: fedora-all [bug 1242518] Affects: epel-all [bug 1242520]
Created pdns-recursor tracking bugs for this issue: Affects: fedora-all [bug 1242519] Affects: epel-all [bug 1242521]
We have already the latest updates for Fedora and Fedora-EPEL. PowerDNS recursor updates: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6645/pdns-recursor-3.7.3-1.el7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6647/pdns-recursor-3.7.3-1.el6 https://admin.fedoraproject.org/updates/FEDORA-2015-9785/pdns-recursor-3.7.3-1.fc22 https://admin.fedoraproject.org/updates/FEDORA-2015-9786/pdns-recursor-3.7.3-1.fc21 PowerDNS authoritative server updates: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6640/pdns-3.4.5-1.el7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6642/pdns-3.3.3-1.el6 https://admin.fedoraproject.org/updates/FEDORA-2015-9788/pdns-3.4.5-1.fc21 https://admin.fedoraproject.org/updates/FEDORA-2015-9796/pdns-3.4.5-1.fc22