[Secure-testing-team] Bug#542777: CVE-2009-1884: Off-by-one error in the bzinflate function in Bzip2.xs
Giuseppe Iuculano
giuseppe at iuculano.it
Fri Aug 21 09:35:12 UTC 2009
Package: libcompress-raw-bzip2-perl
Version: 2.020-1
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libcompress-raw-bzip2-perl.
CVE-2009-1884[0]:
| Off-by-one error in the bzinflate function in Bzip2.xs in the
| Compress-Raw-Bzip2 module before 2.018 for Perl allows
| context-dependent attackers to cause a denial of service (application
| hang or crash) via a crafted bzip2 compressed stream that triggers a
| buffer overflow, a related issue to CVE-2009-1391.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1884
http://security-tracker.debian.net/tracker/CVE-2009-1884
Patch: https://bugs.gentoo.org/attachment.cgi?id=201642
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqOak0ACgkQNxpp46476apmUQCgkPAlkkkAoX+FZFuDq2pL4AVT
ncUAnirOW0kG336Sp1LZ45VEX6N/z82Z
=uL1i
-----END PGP SIGNATURE-----