[php-maint] Bug#542514: libapache2-mod-php5 with segmentation fault and efree heap overflow
Dirk Howard
dhoward at idksoftware.com
Thu Aug 20 00:22:22 UTC 2009
Package: libapache2-mod-php5
Version: 5.2.10.dfsg.1-2
I'm using Debian squeeze/sid with Apache2, PHP5 and Postgresql 8.
When I upgraded to apache2-2.2.12 I started to get errors in the log
file like this:
[Mon Aug 17 15:27:07 2009] [notice] Apache/2.2.12 (Debian)
mod_auth_pgsql/2.0.3 PHP/5.2.10-2 with Suhosin-Patch mod_ssl/2.2.12
OpenSSL/0.9.8k configured -- resuming normal operations
[Mon Aug 17 15:27:27 2009] [notice] child pid 27492 exit signal
Segmentation fault (11)
[Mon Aug 17 15:27:59 2009] [error] [client xx.xx.xx.xx] ALERT - canary
mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx',
file '/home/xxx\
The server seemed to have problems with connections being dropped before
data was transfered. This caused blank or incomplete pages for the clients.
Since this is a production system I back-rev'ed to a previous version.
The last package that was reverted to the previous version as the
libapache2-mod-php5 package. Once this was restored to the
5.2.9.dfsg.1-4 version, the errors stopped.
System that works is:
linux-image-2.6.30-1-686 2.6.30-5
apache2 2.2.11-6
apache2-mpm-prefork 2.2.11-6
apache2-utils 2.2.11-6
apache2.2-bin 2.2.11-6
apache2.2-common 2.2.11-6
libapache2-mod-auth-pgsql 2.0.3-5
libapache2-mod-php5 5.2.9.dfsg.1-4
php5 5.2.9.dfsg.1-4
php5-adodb 5.04-4
php5-cli 5.2.9.dfsg.1-4
php5-common 5.2.9.dfsg.1-4
php5-curl 5.2.9.dfsg.1-4
php5-dev 5.2.9.dfsg.1-4
php5-gd 5.2.9.dfsg.1-4
php5-imagick 2.1.1RC1-1+b1
php5-mcrypt 5.2.9.dfsg.1-4
php5-mysql 5.2.9.dfsg.1-4
php5-pgsql 5.2.9.dfsg.1-4
php5-recode 5.2.9.dfsg.1-4
php5-suhosin 0.9.27-1
php5-xmlrpc 5.2.9.dfsg.1-4
Dirk
More information about the pkg-php-maint
mailing list