Summary: | <perl-core/Compress-Raw-Bzip2-2.020: Off-by-one buffer overflow (CVE-2009-1884) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | perl
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://search.cpan.org/diff?from=Compress-Raw-Bzip2-2.017&to=Compress-Raw-Bzip2-2.019&w=1 | |
Whiteboard: | B2 [glsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 273141 | |
Bug Blocks: | | |
Attachments: | | |

Description
Robert Buchholz (RETIRED)
2009-08-18 19:17:57 UTC
Created attachment 201642 [details, diff]
CVE-2009-1884.patch
=perl-core/Compress-Raw-Bzip2-2.020 is stable, so this is glsa-ready.

GLSA 200908-07

CVE-2009-1884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1884): Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.