USN-794-1: Perl vulnerability

Ubuntu Security Notice USN-794-1

2nd July, 2009

libcompress-raw-zlib-perl, perl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04 LTS

Software description

  • libcompress-raw-zlib-perl
  • perl

Details

It was discovered that the Compress::Raw::Zlib Perl module incorrectly
handled certain zlib compressed streams. If a user or automated system were
tricked into processing a specially crafted compressed stream or file, a
remote attacker could crash the application, leading to a denial of
service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 9.04:
libcompress-raw-zlib-perl 2.015-1ubuntu0.1
perl 5.10.0-19ubuntu1.1
Ubuntu 8.10:
libcompress-raw-zlib-perl 2.011-2ubuntu0.1
perl 5.10.0-11.1ubuntu2.3
Ubuntu 8.04 LTS:
libcompress-raw-zlib-perl 2.008-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2009-1391