Nom du paquet
perl-Compress-Raw-Zlib
Date
2009-07-29
Advisory ID
MDVSA-2009:174
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in perl-Compress-Raw-Zlib:

Off-by-one error in the inflate function in Zlib.xs in
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context-dependent
attackers to cause a denial of service (hang or crash) via a crafted
zlib compressed stream that triggers a heap-based buffer overflow,
as exploited in the wild by Trojan.Downloader-71014 in June 2009
(CVE-2009-1391).

This update provides fixes for this vulnerability.

Updated packages

MES5 i586

 d63cdadc79257bc26a66bb334708151d  mes5/i586/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.i586.rpm 
 8c505552938454e71b76cafc602db7ea  mes5/SRPMS/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.src.rpm

MES5 x86_64

 a97e6db0a9b34e9652189c823ab1e520  mes5/x86_64/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.x86_64.rpm 
 8c505552938454e71b76cafc602db7ea  mes5/SRPMS/perl-Compress-Raw-Zlib-2.015-1.1mdvmes5.src.rpm

References