[php-maint] Bug#542514: libapache2-mod-php5 with segmentation fault and efree heap overflow

Jiří Bendl bendl at pjcomp.cz
Thu Aug 20 09:02:00 UTC 2009 

Hi, it doing the same in version
Package: apache2
State: installed
Automatically installed: yes
Version: 2.2.12-1
Priority: optional
Section: httpd

Dirk Howard napsal(a):
> Package: libapache2-mod-php5
> Version: 5.2.10.dfsg.1-2
>
> I'm using Debian squeeze/sid with Apache2, PHP5 and Postgresql 8.
>
> When I upgraded to apache2-2.2.12 I started to get errors in the log 
> file like this:
>
> [Mon Aug 17 15:27:07 2009] [notice] Apache/2.2.12 (Debian) 
> mod_auth_pgsql/2.0.3 PHP/5.2.10-2 with Suhosin-Patch mod_ssl/2.2.12 
> OpenSSL/0.9.8k configured -- resuming normal operations
> [Mon Aug 17 15:27:27 2009] [notice] child pid 27492 exit signal 
> Segmentation fault (11)
> [Mon Aug 17 15:27:59 2009] [error] [client xx.xx.xx.xx] ALERT - canary 
> mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx', 
> file '/home/xxx\
>
> The server seemed to have problems with connections being dropped 
> before data was transfered.  This caused blank or incomplete pages for 
> the clients.
>
> Since this is a production system I back-rev'ed to a previous 
> version.  The last package that was reverted to the previous version 
> as the libapache2-mod-php5 package.  Once this was restored to the 
> 5.2.9.dfsg.1-4 version, the errors stopped.
>
>
> System that works is:
> linux-image-2.6.30-1-686           2.6.30-5
> apache2                           2.2.11-6
> apache2-mpm-prefork               2.2.11-6
> apache2-utils                     2.2.11-6
> apache2.2-bin                     2.2.11-6
> apache2.2-common                  2.2.11-6
> libapache2-mod-auth-pgsql         2.0.3-5
> libapache2-mod-php5               5.2.9.dfsg.1-4
> php5                              5.2.9.dfsg.1-4
> php5-adodb                        5.04-4
> php5-cli                          5.2.9.dfsg.1-4
> php5-common                       5.2.9.dfsg.1-4
> php5-curl                         5.2.9.dfsg.1-4
> php5-dev                          5.2.9.dfsg.1-4
> php5-gd                           5.2.9.dfsg.1-4
> php5-imagick                      2.1.1RC1-1+b1
> php5-mcrypt                       5.2.9.dfsg.1-4
> php5-mysql                        5.2.9.dfsg.1-4
> php5-pgsql                        5.2.9.dfsg.1-4
> php5-recode                       5.2.9.dfsg.1-4
> php5-suhosin                      0.9.27-1
> php5-xmlrpc                       5.2.9.dfsg.1-4
>
>
> Dirk
>
>
>

More information about the pkg-php-maint mailing list