apache2-mpm-worker: memory leak which can occur after an aborted connection (CVE-2005-2970)

Related Vulnerabilities: CVE-2005-2970  

Debian Bug report logs - #340337

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 22 Nov 2005 19:48:02 UTC

Severity: grave

Tags: patch, security

Found in version apache2-mpm-worker/2.0.54-5

Fixed in version apache2-mpm-worker/2.0.55-1

Done: Filipus Klutiero <ido@vif.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#340337; Package apache2-mpm-worker.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache2-mpm-worker: memory leak which can occur after an aborted connection (CVE-2005-2970)
Date: Tue, 22 Nov 2005 20:38:36 +0100

Package: apache2-mpm-worker
Version: 2.0.55-3
Severity: grave
Tags: patch security

CVE-2005-2970:
worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances. 

A patch is at
http://svn.apache.org/viewcvs?rev=292949&view=rev



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#340337; Package apache2-mpm-worker.


Acknowledgement sent to FX <gentoo@sbcglobal.net>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.


Message #10 received at 340337@bugs.debian.org:

From: FX <gentoo@sbcglobal.net>
To: 340337@bugs.debian.org
Subject: CVE-2005-2970 exists in 2.0.54 too -- please fix stable branch
Date: Sun, 11 Dec 2005 21:57:31 -0600

This problem exists in Debian's stable branch with apache2-mpm-worker 
2.0.54.

It appears to have been fixed already in Ubuntu versions 4.10, 5.4, and 
5.10.

From http://www.ubuntulinux.org/usn/usn-225-1

"The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.9 (for Ubuntu 4.10), 2.0.53-5ubuntu5.4 (for
Ubuntu 5.04), or 2.0.54-5ubuntu3 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes."

A remote attacker can repeatedly trigger this memory leak and exhaust 
all the memory.  Please fix and provide an update for the stable 
branch.  Thanks.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#340337; Package apache2-mpm-worker.


Acknowledgement sent to Filipus Klutiero <ido@vif.com>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.


Message #15 received at 340337@bugs.debian.org:

From: Filipus Klutiero <ido@vif.com>
To: 340337@bugs.debian.org, control@bugs.debian.org
Subject: Doesn't affect testing/unstable
Date: Mon, 29 May 2006 07:23:58 -0400

notfound 340337 2.0.55-3
found 340337 2.0.54-5
close 340337 2.0.55-1
thanks

This should not be present in 2.0.55:

 *) SECURITY: CVE-2005-2970 (cve.mitre.org)
    worker MPM: Fix a memory leak which can occur after an aborted
    connection in some limited circumstances.  [Greg Ames]



Bug marked as not found in version 2.0.55-3. Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org.


Bug marked as found in version 2.0.54-5. Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org.


Bug marked as fixed in version 2.0.55-1, send any further explanations to Stefan Fritsch <sf@sfritsch.de>. Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 06:13:36 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:39:38 2019; Machine Name: buxtehude
