[USN-794-1] Perl vulnerability
Posted 07/02/2009 - 12:27 by David Schnardthorst
Ubuntu Security Notice USN-794-1 July 02, 2009
libcompress-raw-zlib-perl, perl vulnerability
CVE-2009-1391
A security issue affects the following Ubuntu releases:
- Ubuntu 8.04 LTS
- Ubuntu 8.10
- Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
- Ubuntu 8.04 LTS
-
- libcompress-raw-zlib-perl 2.008-1ubuntu0.1
- Ubuntu 8.10
-
- libcompress-raw-zlib-perl 2.011-2ubuntu0.1
- perl 5.10.0-11.1ubuntu2.3
- Ubuntu 9.04
-
- libcompress-raw-zlib-perl 2.015-1ubuntu0.1
- perl 5.10.0-19ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the Compress::Raw::Zlib Perl module incorrectly
handled certain zlib compressed streams. If a user or automated system were
tricked into processing a specially crafted compressed stream or file, a
remote attacker could crash the application, leading to a denial of
service.
