CVE-2009-1891

Published: 10 July 2009

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	dapper	Released (2.0.55-4ubuntu2.6)
	hardy	Released (2.2.8-1ubuntu0.10)
	intrepid	Released (2.2.9-7ubuntu3.2)
	jaunty	Released (2.2.11-2ubuntu2.2)
	upstream	Needed
	Patches: upstream: http://svn.apache.org/viewvc?view=rev&revision=791454

References

https://ubuntu.com/security/notices/USN-802-1
https://www.cve.org/CVERecord?id=CVE-2009-1891
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1891
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›