This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability has been found and corrected in
Off-by-one error in the inflate function in Zlib.xs in
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context-dependent
attackers to cause a denial of service (hang or crash) via a crafted
zlib compressed stream that triggers a heap-based buffer overflow, as
exploited in the wild by Trojan.Downloader-71014 in June 2009
This update provides fixes for this vulnerability.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
Update the affected perl-Compress-Raw-Zlib package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true