Bug#: 281955
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>
Filename Description Type Creator Created Size Actions
CVE-2009-1884.patch CVE-2009-1884.patch patch Robert Buchholz 2009-08-18 19:18 0000 801 bytes Details | Diff

Bug 281955 depends on: 273141 Show dependency tree
Bug 281955 blocks:

Description:   Opened: 2009-08-18 19:17 0000
(based on an email by Niko Tyni of Debian)

CVE-2009-1884:
  Paul Marquess <Paul.Marquess@ntlworld.com>, the upstream author of
  Compress-Raw-{Zlib,Bzip2}, reported that Compress-Raw-Bzip2 has an
  identical off-by-one buffer overflow as Compress-Raw-Zlib (CVE-2009-1391).

The bug was fixed upstream in 2.018; the patch is attached for reference.

------- Comment #1 From Robert Buchholz 2009-08-18 19:18:38 0000 -------
Created an attachment (id=201642) [details]
CVE-2009-1884.patch

------- Comment #2 From Robert Buchholz 2009-08-18 19:19:08 0000 -------
=perl-core/Compress-Raw-Bzip2-2.020 is stable, so this is glsa-ready.

------- Comment #3 From Alex Legler 2009-08-18 21:41:26 0000 -------
GLSA 200908-07

------- Comment #4 From Alex Legler 2009-08-19 22:11:05 0000 -------
CVE-2009-1884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1884):
  Off-by-one error in the bzinflate function in Bzip2.xs in the
  Compress-Raw-Bzip2 module before 2.018 for Perl allows
  context-dependent attackers to cause a denial of service (application
  hang or crash) via a crafted bzip2 compressed stream that triggers a
  buffer overflow, a related issue to CVE-2009-1391.
