273141 – (CVE-2009-1391) <perl-core/Compress-Raw-Zlib-2.020: Off-by-one (CVE-2009-1391)

Bug 273141 (CVE-2009-1391) - <perl-core/Compress-Raw-Zlib-2.020: Off-by-one (CVE-2009-1391)

Summary: <perl-core/Compress-Raw-Zlib-2.020: Off-by-one (CVE-2009-1391)

Status:	RESOLVED FIXED

Alias:	CVE-2009-1391

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://marc.info/?l=amavis-user&m=124...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:	268615
Blocks:	CVE-2009-1884
	Show dependency tree

Reported:	2009-06-08 05:50 UTC by Eray Aslan
Modified:	2009-08-18 21:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eray Aslan gentoo-dev

2009-06-08 05:50:03 UTC

perl-core/Compress-Raw-Zlib-2.015 (current stable) has a buffer overflow which was corrected in perl-core/Compress-Raw-Zlib-2.017.  It results in hanged process during email checking.  Examples were seen in the wild.  Please check the above URL for the details.

Please unmask and stabilize perl-core/Compress-Raw-Zlib-2.020 (latest release. currently hard masked) or at least anything >=perl-core/Compress-Raw-Zlib-2.017



Reproducible: Always

Comment 1 Torsten Veller (RETIRED) gentoo-dev

2009-06-10 14:33:33 UTC

The versions are unmasked.

If early stabilization is wanted, all of the following should be stabilized:

=perl-core/IO-Compress-2.020
=perl-core/Compress-Raw-Zlib-2.020
=perl-core/Compress-Raw-Bzip2-2.020
=virtual/perl-IO-Compress-2.020
=virtual/perl-Compress-Raw-Zlib-2.020
=virtual/perl-Compress-Raw-Bzip2-2.020

=virtual/perl-Compress-Zlib-2.020
=virtual/perl-IO-Compress-Zlib-2.020
=virtual/perl-IO-Compress-Bzip2-2.020
=virtual/perl-IO-Compress-Base-2.020

Comment 2 Alex Legler (RETIRED) archtester

2009-06-12 19:35:58 UTC

Arches, please stabilize as per comment 1.

Comment 3 Ferris McCormick (RETIRED) gentoo-dev

2009-06-12 21:26:15 UTC

Sparc stable:

Files=7, Tests=684, 11 wallclock secs ( 0.49 usr  0.06 sys +  9.61 cusr  0.29 csys = 10.45 CPU)
Result: PASS

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2009-06-13 15:47:42 UTC

Stable for HPPA.

Comment 5 Raúl Porcel (RETIRED) gentoo-dev

2009-06-14 10:18:24 UTC

Uh...i wonder why hppa and sparc ignored all the stabilizations on comment #1 :) I've fixed sparc.

hppa: please also stabilize everything else.

alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2009-06-14 14:57:33 UTC

(In reply to comment #5)
> Uh...i wonder why hppa and sparc ignored all the stabilizations on comment #1
> :) I've fixed sparc.

Because the bug's Summary is misleading, I guess.

> hppa: please also stabilize everything else.

Thanks for the hint.

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2009-06-14 16:20:32 UTC

Done.

Comment 8 Alex Legler (RETIRED) archtester

2009-06-17 10:18:37 UTC

CVE-2009-1391 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1391):
  Off-by-one error in the inflate function in Zlib.xs in
  Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
  SpamAssassin, and possibly other products, allows context-dependent
  attackers to cause a denial of service (hang or crash) via a crafted
  zlib compressed stream that triggers a heap-based buffer overflow, as
  exploited in the wild by Trojan.Downloader-71014 in June 2009.

Comment 9 Brent Baude (RETIRED) gentoo-dev

2009-06-19 00:27:20 UTC

ppc64 done

Comment 10 Torsten Veller (RETIRED) gentoo-dev

2009-06-22 20:53:04 UTC

amd64 done

Comment 11 Torsten Veller (RETIRED) gentoo-dev

2009-07-13 07:34:30 UTC

@ppc: Can you please process this bug.

Comment 12 nixnut (RETIRED) gentoo-dev

2009-07-19 17:08:54 UTC

ppc stable. closing since we're last

Comment 13 Alex Legler (RETIRED) archtester

2009-07-19 17:33:19 UTC

GLSA first.
Request filed.

Comment 14 Alex Legler (RETIRED) archtester

2009-08-18 21:41:21 UTC

GLSA 200908-07