Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1884 to the following vulnerability: Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. References: ----------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1884 https://bugs.gentoo.org/show_bug.cgi?id=281955 https://bugs.gentoo.org/show_bug.cgi?id=281955
This issue affects the versions of perl-Compress-Raw-Bzip2 package, as shipped with Fedora releases of 10 and 11. This issue affects the versions of perl-Compress-Raw-Bzip2 package, as shipped within Extra Packages for Enteprise Linux 5 (EPEL-5) project.
perl-Compress-Raw-Bzip2-2.020-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/perl-Compress-Raw-Bzip2-2.020-1.fc11
perl-Compress-Raw-Bzip2-2.020-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/perl-Compress-Raw-Bzip2-2.020-1.fc10
Update to the Compress-Raw-Bzip2-2.020 for all mentioned branches.
perl-Compress-Raw-Bzip2-2.020-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
perl-Compress-Raw-Bzip2-2.020-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.