Gentoo Bug 222643 - www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (CVE-2008-1678)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	222643
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 222643 depends on:			Show dependency tree
Bug 222643 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-05-18 13:35 0000

Quote, Nico Golde:
When used with zlib compression and mod_ssl it is possible
to use a memleak to cause a denial of service.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44975

------- Comment #1 From Benedikt Böhm 2008-06-01 12:14:50 0000 -------

2.2.8-r3 in cvs

------- Comment #2 From Pierre-Yves Rofes 2008-06-01 17:49:37 0000 -------

(In reply to comment #1)
> 2.2.8-r3 in cvs
> 

thanks. 
arches, please test and mark stable:
target "alpha amd64 arm hppa ia64 ~mips ppc ppc64 release s390 sh sparc x86
~x86-fbsd"

------- Comment #3 From Jeroen Roovers 2008-06-02 04:12:21 0000 -------

Stable for HPPA.

------- Comment #4 From Markus Rothe 2008-06-02 05:19:47 0000 -------

=www-servers/apache-2.2.8-r3 stable on ppc64

[ having the arch/package-version tripple somewhere in a stabilization bug is
good for copy and paste! ;-) ]

------- Comment #5 From Christian Faulhammer 2008-06-02 09:53:23 0000 -------

x86 stable, especially when it as easy as gatt --work-on 222643
www-servers/apache-2.2.8-r3

------- Comment #6 From Raúl Porcel 2008-06-02 10:47:13 0000 -------

alpha/ia64/sparc stable

------- Comment #7 From Richard Freeman 2008-06-02 15:05:43 0000 -------

amd64 stable

------- Comment #8 From Peter Volkov 2008-06-05 05:25:32 0000 -------

Fixed in release snapshot.

------- Comment #9 From Tobias Scherbaum 2008-06-05 18:37:59 0000 -------

ppc stable

------- Comment #10 From Tobias Heinlein 2008-06-14 10:47:58 0000 -------

GLSA request filed.

------- Comment #11 From Robert Buchholz 2008-07-09 22:01:07 0000 -------

GLSA 200807-06

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 222643

www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (CVE-2008-1678)

Last modified: 2008-07-09 22:01:07 0000