Bug#532738: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib

Stefan Fritsch sf at sfritsch.de
Thu Jun 11 08:07:08 UTC 2009


Package: libcompress-raw-zlib-perl
Version: 2.012-1
Severity: grave
Tags: security
Justification: user security hole

A security vulnverability was found in Compress::Raw::Zlib:

Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.

This causes a remote DoS in amavisd-new.

The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl

More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391





More information about the pkg-perl-maintainers mailing list