[php-maint] Bug#542514: libapache2-mod-php5 with segmentation fault and efree heap overflow
Jiří Bendl
bendl at pjcomp.cz
Thu Aug 20 09:02:00 UTC 2009
Hi, it doing the same in version
Package: apache2
State: installed
Automatically installed: yes
Version: 2.2.12-1
Priority: optional
Section: httpd
Dirk Howard napsal(a):
> Package: libapache2-mod-php5
> Version: 5.2.10.dfsg.1-2
>
> I'm using Debian squeeze/sid with Apache2, PHP5 and Postgresql 8.
>
> When I upgraded to apache2-2.2.12 I started to get errors in the log
> file like this:
>
> [Mon Aug 17 15:27:07 2009] [notice] Apache/2.2.12 (Debian)
> mod_auth_pgsql/2.0.3 PHP/5.2.10-2 with Suhosin-Patch mod_ssl/2.2.12
> OpenSSL/0.9.8k configured -- resuming normal operations
> [Mon Aug 17 15:27:27 2009] [notice] child pid 27492 exit signal
> Segmentation fault (11)
> [Mon Aug 17 15:27:59 2009] [error] [client xx.xx.xx.xx] ALERT - canary
> mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx',
> file '/home/xxx\
>
> The server seemed to have problems with connections being dropped
> before data was transfered. This caused blank or incomplete pages for
> the clients.
>
> Since this is a production system I back-rev'ed to a previous
> version. The last package that was reverted to the previous version
> as the libapache2-mod-php5 package. Once this was restored to the
> 5.2.9.dfsg.1-4 version, the errors stopped.
>
>
> System that works is:
> linux-image-2.6.30-1-686 2.6.30-5
> apache2 2.2.11-6
> apache2-mpm-prefork 2.2.11-6
> apache2-utils 2.2.11-6
> apache2.2-bin 2.2.11-6
> apache2.2-common 2.2.11-6
> libapache2-mod-auth-pgsql 2.0.3-5
> libapache2-mod-php5 5.2.9.dfsg.1-4
> php5 5.2.9.dfsg.1-4
> php5-adodb 5.04-4
> php5-cli 5.2.9.dfsg.1-4
> php5-common 5.2.9.dfsg.1-4
> php5-curl 5.2.9.dfsg.1-4
> php5-dev 5.2.9.dfsg.1-4
> php5-gd 5.2.9.dfsg.1-4
> php5-imagick 2.1.1RC1-1+b1
> php5-mcrypt 5.2.9.dfsg.1-4
> php5-mysql 5.2.9.dfsg.1-4
> php5-pgsql 5.2.9.dfsg.1-4
> php5-recode 5.2.9.dfsg.1-4
> php5-suhosin 0.9.27-1
> php5-xmlrpc 5.2.9.dfsg.1-4
>
>
> Dirk
>
>
>
More information about the pkg-php-maint
mailing list