Debian Bug report logs - #340337
apache2-mpm-worker: memory leak which can occur after an aborted connection (CVE-2005-2970)
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Tue, 22 Nov 2005 19:48:02 UTC
Severity: grave
Tags: patch, security
Found in version apache2-mpm-worker/2.0.54-5
Fixed in version apache2-mpm-worker/2.0.55-1
Done: Filipus Klutiero <ido@vif.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>: Bug#340337; Package apache2-mpm-worker.
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: apache2-mpm-worker
Version: 2.0.55-3
Severity: grave
Tags: patch security
CVE-2005-2970:
worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances.
A patch is at
http://svn.apache.org/viewcvs?rev=292949&view=rev
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>: Bug#340337; Package apache2-mpm-worker.
Acknowledgement sent to FX <gentoo@sbcglobal.net>: Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
Message #10 received at 340337@bugs.debian.org:
This problem exists in Debian's stable branch with apache2-mpm-worker
2.0.54.
It appears to have been fixed already in Ubuntu versions 4.10, 5.4, and
5.10.
From http://www.ubuntulinux.org/usn/usn-225-1
"The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.9 (for Ubuntu 4.10), 2.0.53-5ubuntu5.4 (for
Ubuntu 5.04), or 2.0.54-5ubuntu3 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes."
A remote attacker can repeatedly trigger this memory leak and exhaust
all the memory. Please fix and provide an update for the stable
branch. Thanks.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>: Bug#340337; Package apache2-mpm-worker.
Acknowledgement sent to Filipus Klutiero <ido@vif.com>: Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
Message #15 received at 340337@bugs.debian.org:
notfound 340337 2.0.55-3
found 340337 2.0.54-5
close 340337 2.0.55-1
thanks
This should not be present in 2.0.55:
*) SECURITY: CVE-2005-2970 (cve.mitre.org)
worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances. [Greg Ames]
Bug marked as not found in version 2.0.55-3. Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org.
Bug marked as found in version 2.0.54-5. Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org.
Bug marked as fixed in version 2.0.55-1, send any further explanations to Stefan Fritsch <sf@sfritsch.de>. Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 06:13:36 GMT)
Last modified: Wed Jun 19 17:39:38 2019; Machine Name: buxtehude