Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64459

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)

Resumen: The remote host is missing an update to perl-Compress-Raw-Zlib;announced via advisory MDVSA-2009:157.

Descripción: Summary:
The remote host is missing an update to perl-Compress-Raw-Zlib
announced via advisory MDVSA-2009:157.

Vulnerability Insight:
A vulnerability has been found and corrected in perl-Compress-Raw-Zlib:

Off-by-one error in the inflate function in Zlib.xs in
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context-dependent
attackers to cause a denial of service (hang or crash) via a crafted
zlib compressed stream that triggers a heap-based buffer overflow,
as exploited in the wild by Trojan.Downloader-71014 in June 2009
(CVE-2009-1391).

This update provides fixes for this vulnerability.

Affected: 2008.1, 2009.0, 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1391
BugTraq ID: 35307
http://www.securityfocus.com/bid/35307
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html
http://security.gentoo.org/glsa/glsa-200908-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:157
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
http://osvdb.org/55041
http://secunia.com/advisories/35422
http://secunia.com/advisories/35685
http://secunia.com/advisories/35689
http://secunia.com/advisories/35876
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
https://usn.ubuntu.com/794-1/
http://www.vupen.com/english/advisories/2009/1571
XForce ISS Database: perl-compressrawzlib-inflate-bo(51062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51062

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64459
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)
Resumen:	The remote host is missing an update to perl-Compress-Raw-Zlib;announced via advisory MDVSA-2009:157.
Descripción:	Summary: The remote host is missing an update to perl-Compress-Raw-Zlib announced via advisory MDVSA-2009:157. Vulnerability Insight: A vulnerability has been found and corrected in perl-Compress-Raw-Zlib: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009 (CVE-2009-1391). This update provides fixes for this vulnerability. Affected: 2008.1, 2009.0, 2009.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1391 BugTraq ID: 35307 http://www.securityfocus.com/bid/35307 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html http://security.gentoo.org/glsa/glsa-200908-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:157 http://article.gmane.org/gmane.mail.virus.amavis.user/33635 http://article.gmane.org/gmane.mail.virus.amavis.user/33638 http://thread.gmane.org/gmane.mail.virus.amavis.user/33635 http://osvdb.org/55041 http://secunia.com/advisories/35422 http://secunia.com/advisories/35685 http://secunia.com/advisories/35689 http://secunia.com/advisories/35876 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html https://usn.ubuntu.com/794-1/ http://www.vupen.com/english/advisories/2009/1571 XForce ISS Database: perl-compressrawzlib-inflate-bo(51062) https://exchange.xforce.ibmcloud.com/vulnerabilities/51062
Copyright	Copyright (C) 2009 E-Soft Inc.