USN-802-2 -- apache2 regressionID: oval:org.secpod.oval:def:700365 | Date: (C)2011-05-13 (M)2021-06-02 |
Class: PATCH | Family: unix |
USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption
Platform: |
Ubuntu 8.04 |
Ubuntu 9.04 |
Ubuntu 6.06 |
Ubuntu 8.10 |