
Bug 222643 (CVE-2008-1678)

Summary: www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (CVE-2008-1678)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal
CC: apache-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-18 13:35:48 UTC
Quote, Nico Golde:
When used with zlib compression and mod_ssl it is possible
to use a memleak to cause a denial of service.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2008-06-01 12:14:50 UTC
2.2.8-r3 in cvs
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-06-01 17:49:37 UTC
(In reply to comment #1)
> 2.2.8-r3 in cvs
> 

thanks. 
arches, please test and mark stable:
target "alpha amd64 arm hppa ia64 ~mips ppc ppc64 release s390 sh sparc x86 ~x86-fbsd"
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2008-06-02 04:12:21 UTC
Stable for HPPA.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-06-02 05:19:47 UTC
=www-servers/apache-2.2.8-r3 stable on ppc64

[ having the arch/package-version triple somewhere in a stabilization bug is good for copy and paste! ;-) ]
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2008-06-02 09:53:23 UTC
x86 stable, especially when it is as easy as gatt --work-on 222643 www-servers/apache-2.2.8-r3
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-06-02 10:47:13 UTC
alpha/ia64/sparc stable
Comment 7 Richard Freeman gentoo-dev 2008-06-02 15:05:43 UTC
amd64 stable
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2008-06-05 05:25:32 UTC
Fixed in release snapshot.
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2008-06-05 18:37:59 UTC
ppc stable
Comment 10 Tobias Heinlein (RETIRED) gentoo-dev 2008-06-14 10:47:58 UTC
GLSA request filed.
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2008-07-09 22:01:07 UTC
GLSA 200807-06