Bug 222643 - www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (CVE-2008-1678)
Bug#: 222643 (CVE-2008-1678) Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL:  https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
Summary: www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (CVE-2008-1678)
Keywords:  
Status Whiteboard: A3 [glsa]
Opened: 2008-05-18 13:35 0000
Description:
Quote, Nico Golde:
When used with zlib compression and mod_ssl it is possible
to use a memleak to cause a denial of service.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44975

------- Comment #1 From Benedikt Böhm 2008-06-01 12:14:50 0000 -------
2.2.8-r3 in cvs

------- Comment #2 From Pierre-Yves Rofes 2008-06-01 17:49:37 0000 -------
(In reply to comment #1)
> 2.2.8-r3 in cvs
> 

thanks. 
arches, please test and mark stable:
target "alpha amd64 arm hppa ia64 ~mips ppc ppc64 release s390 sh sparc x86
~x86-fbsd"

------- Comment #3 From Jeroen Roovers 2008-06-02 04:12:21 0000 -------
Stable for HPPA.

------- Comment #4 From Markus Rothe 2008-06-02 05:19:47 0000 -------
=www-servers/apache-2.2.8-r3 stable on ppc64

[ having the arch/package-version triple somewhere in a stabilization bug is
good for copy and paste! ;-) ]

------- Comment #5 From Christian Faulhammer 2008-06-02 09:53:23 0000 -------
x86 stable, especially when it is as easy as gatt --work-on 222643
www-servers/apache-2.2.8-r3

------- Comment #6 From Raúl Porcel 2008-06-02 10:47:13 0000 -------
alpha/ia64/sparc stable

------- Comment #7 From Richard Freeman 2008-06-02 15:05:43 0000 -------
amd64 stable

------- Comment #8 From Peter Volkov 2008-06-05 05:25:32 0000 -------
Fixed in release snapshot.

------- Comment #9 From Tobias Scherbaum 2008-06-05 18:37:59 0000 -------
ppc stable

------- Comment #10 From Tobias Heinlein 2008-06-14 10:47:58 0000 -------
GLSA request filed.

------- Comment #11 From Robert Buchholz 2008-07-09 22:01:07 0000 -------
GLSA 200807-06