Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 222643 (CVE-2008-1678) - www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (CVE-2008-1678)
Summary: www-servers/apache <2.2.8-r3 memory leak with mod_ssl and zlib compression (C...
Status: RESOLVED FIXED
Alias: CVE-2008-1678
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://issues.apache.org/bugzilla/sh...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-05-18 13:35 UTC by Robert Buchholz (RETIRED)
Modified: 2008-07-09 22:01 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-18 13:35:48 UTC
Quote, Nico Golde:
When used with zlib compression and mod_ssl it is possible
to use a memleak to cause a denial of service.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2008-06-01 12:14:50 UTC
2.2.8-r3 in cvs
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-06-01 17:49:37 UTC
(In reply to comment #1)
> 2.2.8-r3 in cvs
> 

thanks. 
arches, please test and mark stable:
target "alpha amd64 arm hppa ia64 ~mips ppc ppc64 release s390 sh sparc x86 ~x86-fbsd"
Comment 3 Jeroen Roovers gentoo-dev 2008-06-02 04:12:21 UTC
Stable for HPPA.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-06-02 05:19:47 UTC
=www-servers/apache-2.2.8-r3 stable on ppc64

[ having the arch/package-version tripple somewhere in a stabilization bug is good for copy and paste! ;-) ]
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2008-06-02 09:53:23 UTC
x86 stable, especially when it as easy as gatt --work-on 222643 www-servers/apache-2.2.8-r3
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-06-02 10:47:13 UTC
alpha/ia64/sparc stable
Comment 7 Richard Freeman gentoo-dev 2008-06-02 15:05:43 UTC
amd64 stable
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2008-06-05 05:25:32 UTC
Fixed in release snapshot.
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2008-06-05 18:37:59 UTC
ppc stable
Comment 10 Tobias Heinlein (RETIRED) gentoo-dev 2008-06-14 10:47:58 UTC
GLSA request filed.
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2008-07-09 22:01:07 UTC
GLSA 200807-06