Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
sf at sfritsch.de
Thu Jun 11 08:00:08 UTC 2009
Justification: user security hole
A security vulnverability was found in Compress::Raw::Zlib:
Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.
This causes a remote DoS in amavisd-new.
The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl
More information can be found at
More information about the Perl-maintainers