[php-maint] Bug#542514: libapache2-mod-php5 with segmentation fault and efree heap overflow

Dirk Howard dhoward at idksoftware.com
Thu Aug 20 00:22:22 UTC 2009

Package: libapache2-mod-php5
Version: 5.2.10.dfsg.1-2

I'm using Debian squeeze/sid with Apache2, PHP5 and Postgresql 8.

When I upgraded to apache2-2.2.12 I started to get errors in the log 
file like this:

[Mon Aug 17 15:27:07 2009] [notice] Apache/2.2.12 (Debian) 
mod_auth_pgsql/2.0.3 PHP/5.2.10-2 with Suhosin-Patch mod_ssl/2.2.12 
OpenSSL/0.9.8k configured -- resuming normal operations
[Mon Aug 17 15:27:27 2009] [notice] child pid 27492 exit signal 
Segmentation fault (11)
[Mon Aug 17 15:27:59 2009] [error] [client xx.xx.xx.xx] ALERT - canary 
mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx', 
file '/home/xxx\

The server seemed to have problems with connections being dropped before 
data was transfered.  This caused blank or incomplete pages for the clients.

Since this is a production system I back-rev'ed to a previous version.  
The last package that was reverted to the previous version as the 
libapache2-mod-php5 package.  Once this was restored to the 
5.2.9.dfsg.1-4 version, the errors stopped.

System that works is:
linux-image-2.6.30-1-686           2.6.30-5
apache2                           2.2.11-6
apache2-mpm-prefork               2.2.11-6
apache2-utils                     2.2.11-6
apache2.2-bin                     2.2.11-6
apache2.2-common                  2.2.11-6
libapache2-mod-auth-pgsql         2.0.3-5
libapache2-mod-php5               5.2.9.dfsg.1-4
php5                              5.2.9.dfsg.1-4
php5-adodb                        5.04-4
php5-cli                          5.2.9.dfsg.1-4
php5-common                       5.2.9.dfsg.1-4
php5-curl                         5.2.9.dfsg.1-4
php5-dev                          5.2.9.dfsg.1-4
php5-gd                           5.2.9.dfsg.1-4
php5-imagick                      2.1.1RC1-1+b1
php5-mcrypt                       5.2.9.dfsg.1-4
php5-mysql                        5.2.9.dfsg.1-4
php5-pgsql                        5.2.9.dfsg.1-4
php5-recode                       5.2.9.dfsg.1-4
php5-suhosin                      0.9.27-1
php5-xmlrpc                       5.2.9.dfsg.1-4


More information about the pkg-php-maint mailing list