Bug 20760

Summary: CVE-2009-1891 Apache (mod_deflate) Denial of Service Vulnerability
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: apache2Assignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: major    
Priority: P3 CC: ldv, rider
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
Bug Depends on: 20916    
Bug Blocks:    

Description Vladimir Lettiev 2009-07-13 08:46:20 MSD
There is a bug in mod_deflate that can lead to a DOS with a very small
network traffic.

The problem is the following : when downloading a file with mod_deflate
enabled and aborting the connexion before the end, mod_deflate will take
100% of a CPU and finish to compress the file for nothing.

Problem fixed in svn: http://svn.apache.org/viewvc?view=rev&revision=791454
Comment 1 Dmitry V. Levin 2009-07-24 02:32:42 MSD
*ping*
Comment 2 solo 2009-07-24 12:04:09 MSD
В работе.
Comment 3 solo 2009-07-31 10:58:04 MSD
Закрыта апстримом в apache 2.2.12