Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Stefan Fritsch
sf at sfritsch.de
Thu Jun 11 08:00:08 UTC 2009
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security
Justification: user security hole
A security vulnverability was found in Compress::Raw::Zlib:
Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.
This causes a remote DoS in amavisd-new.
The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl
More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
More information about the Perl-maintainers
mailing list