Date: Wed, 8 Jul 2009 07:26:50 +0200
From: olli hauer
To: freebsd-perl@freebsd.org
Message-ID: <20090708052650.GA30758@sorry.mine.nu>
Subject: perl5.10 and CVE-2009-1391

Hi,

I found a CVE entry for perl5.10 while patching my OpenBSD systems.

Description CVE-2009-1391:
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

After a quick compare between the OpenBSD perl and the perl5.10 port it seems the FreeBSD port is also affected.

See Notes:
http://openbsd.org/errata45.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391

Quick compare between OpenBSD perl (patched) and FreeBSD port.

diff -Nru ext.FreeBSD/Compress/Raw/Zlib/Zlib.xs ext.OpenBSD/Compress/Raw/Zlib/Zlib.xs --- ext.FreeBSD/Compress/Raw/Zlib/Zlib.xs 2007-12-18 11:47:07.000000000 +0100 +++ ext.OpenBSD/Compress/Raw/Zlib/Zlib.xs 2009-07-07 12:02:51.000000000 +0200 
@@ -1295,7 +1295,7 @@ if (s->stream.avail_out == 0 ) { /* out of space in the output buffer so make it bigger */ - Sv_Grow(output, SvLEN(output) + bufinc) ; + Sv_Grow(output, SvLEN(output) + bufinc +1) ; cur_length += increment ; s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ; increment = bufinc ; Regards, olli
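
Review bot: the `+1` in `Sv_Grow(output, SvLEN(output) + bufinc +1)` is an unexplained constant at the only changed line of the hunk; add a comment at that call naming the write that needs the extra byte, since neither the context lines nor the message show it, so that a later cleanup does not drop it. The comparison covers a single call site inside the `s->stream.avail_out == 0` branch, so before carrying this into the port it is worth checking whether any other place in Zlib.xs that sizes `output` needs the same adjustment. The `ext.FreeBSD` side carries a 2007-12-18 timestamp; confirming the bundled Compress::Raw::Zlib version against the "before 2.017" range quoted from the CVE text would settle whether the port is affected, rather than inferring it from the diff alone.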