thr3ads.net - Secure testing team - [Secure-testing-team] Bug#532738: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib [Jun 2009]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Stefan Fritsch

2009-Jun-11 08:07 UTC

[Secure-testing-team] Bug#532738: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib

Package: libcompress-raw-zlib-perl
Version: 2.012-1
Severity: grave
Tags: security
Justification: user security hole

A security vulnverability was found in Compress::Raw::Zlib:

Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.

This causes a remote DoS in amavisd-new.

The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl

More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391

Secure testing team - Jun 2009 - Bug#532738: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib

[Secure-testing-team] Bug#532738: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib