Mandriva Linux Security Advisory 2009-157 – Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. This update provides fixes for this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83429/MDVSA-2009-157-1.txt
Source: https://packetstormsecurity.com/files/83429/Mandriva-Linux-Security-Advisory-2009-157.html