Package name: perl-Compress-Raw-Zlib
Date: 2009-12-03
Advisory ID: MDVSA-2009:157-1
Affected versions: 2008.0 i586, 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in perl-Compress-Raw-Zlib:

Off-by-one error in the inflate function in Zlib.xs in the
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context-dependent
attackers to cause a denial of service (hang or crash) via a crafted
zlib compressed stream that triggers a heap-based buffer overflow,
as exploited in the wild by Trojan.Downloader-71014 in June 2009
(CVE-2009-1391).

This update provides fixes for this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Updated packages

2008.0 i586

 c48dda4bf47776f250c73e2af40e3ceb  2008.0/i586/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.i586.rpm 
 65d8176b3c1285376533c0f16d5d264c  2008.0/SRPMS/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.src.rpm

2008.0 x86_64

 e6eeabfbd6bd0b9afe54fde0374327a1  2008.0/x86_64/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.x86_64.rpm 
 65d8176b3c1285376533c0f16d5d264c  2008.0/SRPMS/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.src.rpm

References