MDVSA-2009:174
- Nom du paquet
- perl-Compress-Raw-Zlib
- Date
- 2009-07-29
- Advisory ID
- MDVSA-2009:174
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in perl-Compress-Raw-Zlib:
Off-by-one error in the inflate function in Zlib.xs in
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context-dependent
attackers to cause a denial of service (hang or crash) via a crafted
zlib compressed stream that triggers a heap-based buffer overflow,
as exploited in the wild by Trojan.Downloader-71014 in June 2009
(CVE-2009-1391).
This update provides fixes for this vulnerability.
Updated packages
MES5 i586
d63cdadc79257bc26a66bb334708151d mes5/i586/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.i586.rpm 8c505552938454e71b76cafc602db7ea mes5/SRPMS/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.src.rpm
MES5 x86_64
a97e6db0a9b34e9652189c823ab1e520 mes5/x86_64/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.x86_64.rpm 8c505552938454e71b76cafc602db7ea mes5/SRPMS/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.src.rpm