Gentoo Security Advisory GLSA 200908-07 (Compress-Raw-Zlib Compress-Raw-Bzip2) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200908-07.

Solution

All Compress::Raw::Zlib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =perl-core/Compress-Raw-Zlib-2.020 All Compress::Raw::Bzip2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =perl-core/Compress-Raw-Bzip2-2.020 http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200908-07 http://bugs.gentoo.org/show_bug.cgi?id=273141 http://bugs.gentoo.org/show_bug.cgi?id=281955

Insight

An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might lead to a Denial of Service.

Severity

Classification

CVE CVE-2009-1391, CVE-2009-1884

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200501-45 (gallery)
Gentoo Security Advisory GLSA 200411-36 (phpmyadmin)
Gentoo Security Advisory GLSA 200405-10 (icecast)
Gentoo Security Advisory GLSA 200405-01 (neon)
Gentoo Security Advisory GLSA 200404-20 (xine)

Take action and discover your vulnerabilities