=========================================================== Ubuntu Security Notice USN-794-1 July 02, 2009 libcompress-raw-zlib-perl, perl vulnerability CVE-2009-1391 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libcompress-raw-zlib-perl 2.008-1ubuntu0.1 Ubuntu 8.10: libcompress-raw-zlib-perl 2.011-2ubuntu0.1 perl 5.10.0-11.1ubuntu2.3 Ubuntu 9.04: libcompress-raw-zlib-perl 2.015-1ubuntu0.1 perl 5.10.0-19ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1.diff.gz Size/MD5: 3407 fe826c6ae2a68f0db36c1cd7f2dba6f0 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1.dsc Size/MD5: 1159 6e45e1c85b78eecf636f88b182e24cc3 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008.orig.tar.gz Size/MD5: 207488 f1932364db75062ae40521f6b38ee41d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_amd64.deb Size/MD5: 95618 d20e0c8b3fd09004fbc16928fbc23e18 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_i386.deb Size/MD5: 92026 4b3b19c028f333d9f2ae12aa2bc049d6 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_lpia.deb Size/MD5: 93552 51fcebc1e8e0e47c040c2ef8811e5a69 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_powerpc.deb Size/MD5: 97472 00a70b2125880fc1cd040c92259653a9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_sparc.deb Size/MD5: 93322 759d55d24d12970d1466e915da10e181 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1.diff.gz Size/MD5: 3727 09f1a38aa7afb7f20872ad597164b175 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1.dsc Size/MD5: 1639 c7d90b5de85fcb020200664254a23cc7 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011.orig.tar.gz Size/MD5: 207842 15456e9a79e87996a9b79e575d513276 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3.diff.gz Size/MD5: 113680 b14e8d55cd027caa9dbcff0def3fbe24 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3.dsc Size/MD5: 1335 1d7fa4b3ebb057c09228ecd98b45a009 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0.orig.tar.gz Size/MD5: 15595020 d2c39b002ebfd2c3c5dba589365c5a71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.10.0-11.1ubuntu2.3_all.deb Size/MD5: 8206674 19a9d3d0f044e38e2de6a16ae3d38418 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.10.0-11.1ubuntu2.3_all.deb Size/MD5: 3272782 6a1c114b622c30b5719e3a1187d3c86d http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.10.0-11.1ubuntu2.3_all.deb Size/MD5: 43306 9f27c2fc222e05af9fd65bde12615c2c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_amd64.deb Size/MD5: 57876 adaed05a866851b97a4937b051693f5a http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 2609622 276b0f5606573fbbd392c69f9be4f757 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 1058 f39d83b6f9a72b89b8703479eaa313dc http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 946890 54a8af6cf7517c502f6ae7f4e304063a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 5582552 3c23ce7e47b9fedb8087b15af193a0f8 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 31186 9bc0cab5ee6af6cf86792b3e7585b723 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 5223654 247455ba5ddbc8725dff257bf60aa6b7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_i386.deb Size/MD5: 56176 301aef742069f0cd1ed7d1d73ede2110 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 2371224 ec9bb873961fc5644153886d9244887c http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 627590 3656c5daa4fd420241ce9e052fe352c3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 874146 80a0db8e636250d54badb5e80358abec http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 6724876 4d779885d0dcc519807ae95b03840478 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 29426 13cbb4a8e7293c3d3d206684cc2a9fbe http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 4539988 c860292ccc41abea964ce13609d6a11a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_lpia.deb Size/MD5: 57116 819bfad6b3dc17a786c4482ce488d1cb http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 2385518 9ec12a069ce760189722f48dde2fc9c7 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 1056 6bfe01c2bdcf34b3b26c2b3ee22cb1b1 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 902512 4fe6de798e4114acc06ad6cd4329a62f http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 5637398 c372c210f7efb7c54171e8771a6e7adf http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 29794 848c3b6d5ba0e370438592e4a4acb7a7 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 4552288 d25fe98b25081da77ba6dac665e2a0f0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_powerpc.deb Size/MD5: 60226 ba9a864d7584ac78b5e5580e55027e7f http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 2842592 eac747216597854f74d6c4154b7d1934 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 1068 bb0250dea97575781e0b19842bc40e33 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 956002 ec5bdc31d0aed9f1290b1a4ff412bc2a http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 5906102 02c7329b4d1135cd1e16af9976ec8ca5 http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 32504 35c4cccef3ab5fa116b0326f3ad10184 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 4942022 004d60c0bb6440269d05679230d6c5ff sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_sparc.deb Size/MD5: 57916 98e95acd06170bd13661473867d71b9e http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 2407870 c6623da5e69bad9d0a028374f48863f1 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 1056 64231502b7de25366ed88a8d75d48899 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 891406 a1282860010317e0d7734cb06ee25ac5 http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 5441760 060071f786bcd0254ae29be355e3fcdb http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 30408 fd9f4e0a21d44170395b2c9238f3dcbb http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 4842184 feeb44a3ffe40c2482ee90dff41bd23a Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1.diff.gz Size/MD5: 3917 de4a4ef7075e0bad4f62c3adf5f4acc4 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1.dsc Size/MD5: 1671 6147cba4955a7f9b311e536eb361ce8f http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015.orig.tar.gz Size/MD5: 209006 6680d7ee3fbfd5171ccf239328c284fd http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1.diff.gz Size/MD5: 142376 4fd80dae4bcdc95123d60cee3e29c1d2 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1.dsc Size/MD5: 1427 6b03788301ebf60ea0689751afc50ea2 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0.orig.tar.gz Size/MD5: 15595020 d2c39b002ebfd2c3c5dba589365c5a71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.10.0-19ubuntu1.1_all.deb Size/MD5: 8189298 18586966152940aec8e962566593327f http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.10.0-19ubuntu1.1_all.deb Size/MD5: 3182408 6043c0947e8447fb3c25b9bae875f720 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.10.0-19ubuntu1.1_all.deb Size/MD5: 45104 8037f52f976e9cc3bc76297f9b04872d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_amd64.deb Size/MD5: 58776 73df5f8e78ab911025decd8bf22e8ad4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 2609412 7db9491dc9a33752921a267fe57d9529 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 1062 e245edb342cb27301c499279d5aa2ef4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 1041470 22e876c2f8d290c6b4b0c16f7f66848a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 5580404 be790fb42dab1dd27483876497e21e3e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 31186 646b75a18c69327f7a3521484f592ab4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 5224556 f9481d202c8d5e3bdbad21b581782759 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_i386.deb Size/MD5: 57140 d61a6cd30f5e2f154dd8d38af0e45d25 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 2371632 6bb172e1efcbc379a3eb5893aea9b8e3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 627732 6a069a9d64ee32eb9b0fbb529a09869d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 968826 d12c4729feee32e26a4a96830d30771a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 6723346 03e4e70ba33fc3362b30c776c2ed4149 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 29416 e3494414bf5fb27346cef69a6be836f0 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 4541240 15f50b6a54a0cb3956fd45a4a36dd3af lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_lpia.deb Size/MD5: 58086 9d504fc5de381d25a1d3166e7acb6795 http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 2387018 bd56d250b8b058f474ed407c88b4e1fe http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 1058 0bbd8f0305c8224779d33ef28fd2a3d2 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 996994 50f6dc6a9f97224a821a459f787b3fd6 http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 5638296 8bb2b5549607679ac4d31d374589325f http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 29754 1f7910ca182cdc40b11b977047e439e3 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 4553464 25c6d395f93ef1216dff54ef89909940 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_powerpc.deb Size/MD5: 61260 6184a1a8af2721bb6a7d2dfc9064c965 http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 2842344 631c5405603f6eae781440a4ac72fb7b http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 1070 55c5c50bf7cf70866c770c639ebcf3f2 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 1050038 182d6ef8ad3055abeea77f5badf3d6bf http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 5905664 0938f89a8d8871ed37549a927e5be1e1 http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 32496 6ac9d82f0e2ad9d2c3b3aa5c4e402fdc http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 4942644 867653024b773a463b9105bda6173cbc sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_sparc.deb Size/MD5: 58842 eda1968d5cb891aebcd1b315ff78ab37 http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 2408090 5b34865d40e9d8e598f99153eca41d18 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 1062 57c8c980c6267c743c0ec55d0cb3f843 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 985692 80873f46b596c01a627c43cbda67345c http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 5442844 a43356eb2ff70e98e7d0cfe3e21cfdca http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 30348 09eefb0b0859e7f46e5aae0288444465 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 4833390 3b6c920f0c8b86121222bfbdac631a24