Bug#1033408: apache2: Segmentation fault + 503 on frontpage on 2.4.56-1
Hi, Sorry for the delay, as it is a production server I won't be allowed to compile a new apache2 with the patch. FYI, I now have a second server (production too unfortunately) with the same issue. Rollbacked on 2.4.54 as well to solve the segfaults. I didn't try this workaround, but I guess disabling mod_http2 would "solve" the issue as well ? Le ven. 24 mars 2023 à 20:55, Salvatore Bonaccorso a écrit : > Hi, > > On Fri, Mar 24, 2023 at 05:17:34PM +0100, Fabien LE BERRE wrote: > > Yes it does look like the bug. The Backtrace looks a lot like the > coredump > > I've seen. > > Thanks for the heads up. Looking forward for the patch to be applied > > officially. > > Would you be able to have additionally test the patch on your case to > confirm? That would be great and helpful for releasing the regression > update. > > Regards, > Salvatore > -- *Fabien Le Berre** Homme de la situation* 01 86 95 54 04 - 37 rue des Mathurins - 75008 Paris Le ven. 24 mars 2023 à 20:55, Salvatore Bonaccorso a écrit : > Hi, > > On Fri, Mar 24, 2023 at 05:17:34PM +0100, Fabien LE BERRE wrote: > > Yes it does look like the bug. The Backtrace looks a lot like the > coredump > > I've seen. > > Thanks for the heads up. Looking forward for the patch to be applied > > officially. > > Would you be able to have additionally test the patch on your case to > confirm? That would be great and helpful for releasing the regression > update. > > Regards, > Salvatore > -- *Fabien Le Berre** Homme de la situation* 01 86 95 54 04 - 37 rue des Mathurins - 75008 Paris
Bug#1033408: apache2: Segmentation fault + 503 on frontpage on 2.4.56-1
Hi, On Fri, Mar 24, 2023 at 05:17:34PM +0100, Fabien LE BERRE wrote: > Yes it does look like the bug. The Backtrace looks a lot like the coredump > I've seen. > Thanks for the heads up. Looking forward for the patch to be applied > officially. Would you be able to have additionally test the patch on your case to confirm? That would be great and helpful for releasing the regression update. Regards, Salvatore
Bug#1033408: apache2: Segmentation fault + 503 on frontpage on 2.4.56-1
Yes it does look like the bug. The Backtrace looks a lot like the coredump I've seen. Thanks for the heads up. Looking forward for the patch to be applied officially. Le ven. 24 mars 2023 à 17:06, 'Stefan Eissing' via Sysadmin < sysad...@dutiko.com> a écrit : > Might be related to https://bz.apache.org/bugzilla/show_bug.cgi?id=66539 > > > Am 24.03.2023 um 15:30 schrieb root : > > > > Package: apache2 > > Version: 2.4.56-1~deb11u1 > > Severity: important > > X-Debbugs-Cc: t...@security.debian.org > > > > Unattended-upgrades applied this new version on 22 march @ 6AM. Had > > Segmentation faults since then, 503 for customers on websites. Since we > > reverted back to 2.4.54, we've no more issues. Couldn't make any sense > > of coredump but can provide one if necessary. > > > > > > -- Package-specific info: > > > > -- System Information: > > Debian Release: 11.6 > > APT prefers stable-updates > > APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, > 'stable') > > Architecture: amd64 (x86_64) > > > > Kernel: Linux 5.10.0-18-amd64 (SMP w/32 CPU threads) > > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE > not set > > Shell: /bin/sh linked to /usr/bin/dash > > Init: systemd (via /run/systemd/system) > > LSM: AppArmor: enabled > > > > Versions of packages apache2 depends on: > > ii apache2-bin 2.4.56-1~deb11u1 > > ii apache2-data 2.4.56-1~deb11u1 > > ii apache2-utils2.4.56-1~deb11u1 > > ii dpkg 1.20.12 > > ii init-system-helpers 1.60 > > ii lsb-base 11.1.0 > > ii mime-support 3.66 > > ii perl 5.32.1-4+deb11u2 > > ii procps 2:3.3.17-5 > > > > Versions of packages apache2 recommends: > > ii ssl-cert 1.1.0+nmu1 > > > > Versions of packages apache2 suggests: > > pn apache2-doc > > pn apache2-suexec-pristine | apache2-suexec-custom > > ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 > > > > Versions of packages apache2-bin depends on: > > ii libapr1 1.7.0-6+deb11u2 > > ii libaprutil1 1.6.1-5+deb11u1 > > ii libaprutil1-dbd-sqlite3 1.6.1-5+deb11u1 > > ii libaprutil1-ldap 1.6.1-5+deb11u1 > > ii libbrotli1 1.0.9-2+b2 > > ii libc62.31-13+deb11u5 > > ii libcrypt11:4.4.18-4 > > ii libcurl4 7.74.0-1.3+deb11u7 > > ii libjansson4 2.13.1-1.1 > > ii libldap-2.4-22.4.57+dfsg-3+deb11u1 > > ii liblua5.3-0 5.3.3-1.1+b1 > > ii libnghttp2-141.43.0-1 > > ii libpcre3 2:8.44-2+0~20210301.9+debian11~1.gbpa278ad > > ii libssl1.11.1.1n-0+deb11u4 > > ii libxml2 > 2.9.14+dfsg-0+0~20220524.12+debian11~1.gbpc5dc45 > > ii perl 5.32.1-4+deb11u2 > > ii zlib1g 1:1.2.11.dfsg-2+deb11u2 > > > > Versions of packages apache2-bin suggests: > > pn apache2-doc > > pn apache2-suexec-pristine | apache2-suexec-custom > > ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 > > > > Versions of packages apache2 is related to: > > ii apache2 2.4.56-1~deb11u1 > > ii apache2-bin 2.4.56-1~deb11u1 > > > > -- Configuration Files: > > /etc/apache2/apache2.conf changed [not included] > > /etc/apache2/mods-available/mpm_event.conf changed [not included] > > /etc/apache2/ports.conf changed [not included] > > /etc/apache2/sites-available/000-default.conf changed [not included] > > > > -- no debconf information > > > > -- *Fabien Le Berre** Homme de la situation* 01 86 95 54 04 - 37 rue des Mathurins - 75008 Paris
Bug#1033408: apache2: Segmentation fault + 503 on frontpage on 2.4.56-1
Might be related to https://bz.apache.org/bugzilla/show_bug.cgi?id=66539 > Am 24.03.2023 um 15:30 schrieb root : > > Package: apache2 > Version: 2.4.56-1~deb11u1 > Severity: important > X-Debbugs-Cc: t...@security.debian.org > > Unattended-upgrades applied this new version on 22 march @ 6AM. Had > Segmentation faults since then, 503 for customers on websites. Since we > reverted back to 2.4.54, we've no more issues. Couldn't make any sense > of coredump but can provide one if necessary. > > > -- Package-specific info: > > -- System Information: > Debian Release: 11.6 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, > 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.10.0-18-amd64 (SMP w/32 CPU threads) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not > set > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages apache2 depends on: > ii apache2-bin 2.4.56-1~deb11u1 > ii apache2-data 2.4.56-1~deb11u1 > ii apache2-utils2.4.56-1~deb11u1 > ii dpkg 1.20.12 > ii init-system-helpers 1.60 > ii lsb-base 11.1.0 > ii mime-support 3.66 > ii perl 5.32.1-4+deb11u2 > ii procps 2:3.3.17-5 > > Versions of packages apache2 recommends: > ii ssl-cert 1.1.0+nmu1 > > Versions of packages apache2 suggests: > pn apache2-doc > pn apache2-suexec-pristine | apache2-suexec-custom > ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 > > Versions of packages apache2-bin depends on: > ii libapr1 1.7.0-6+deb11u2 > ii libaprutil1 1.6.1-5+deb11u1 > ii libaprutil1-dbd-sqlite3 1.6.1-5+deb11u1 > ii libaprutil1-ldap 1.6.1-5+deb11u1 > ii libbrotli1 1.0.9-2+b2 > ii libc62.31-13+deb11u5 > ii libcrypt11:4.4.18-4 > ii libcurl4 7.74.0-1.3+deb11u7 > ii libjansson4 2.13.1-1.1 > ii libldap-2.4-22.4.57+dfsg-3+deb11u1 > ii liblua5.3-0 5.3.3-1.1+b1 > ii libnghttp2-141.43.0-1 > ii libpcre3 2:8.44-2+0~20210301.9+debian11~1.gbpa278ad > ii libssl1.11.1.1n-0+deb11u4 > ii libxml2 2.9.14+dfsg-0+0~20220524.12+debian11~1.gbpc5dc45 > ii perl 5.32.1-4+deb11u2 > ii zlib1g 1:1.2.11.dfsg-2+deb11u2 > > Versions of packages apache2-bin suggests: > pn apache2-doc > pn apache2-suexec-pristine | apache2-suexec-custom > ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 > > Versions of packages apache2 is related to: > ii apache2 2.4.56-1~deb11u1 > ii apache2-bin 2.4.56-1~deb11u1 > > -- Configuration Files: > /etc/apache2/apache2.conf changed [not included] > /etc/apache2/mods-available/mpm_event.conf changed [not included] > /etc/apache2/ports.conf changed [not included] > /etc/apache2/sites-available/000-default.conf changed [not included] > > -- no debconf information >
Bug#1033408: apache2: Segmentation fault + 503 on frontpage on 2.4.56-1
Package: apache2 Version: 2.4.56-1~deb11u1 Severity: important X-Debbugs-Cc: t...@security.debian.org Unattended-upgrades applied this new version on 22 march @ 6AM. Had Segmentation faults since then, 503 for customers on websites. Since we reverted back to 2.4.54, we've no more issues. Couldn't make any sense of coredump but can provide one if necessary. -- Package-specific info: -- System Information: Debian Release: 11.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-18-amd64 (SMP w/32 CPU threads) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.56-1~deb11u1 ii apache2-data 2.4.56-1~deb11u1 ii apache2-utils2.4.56-1~deb11u1 ii dpkg 1.20.12 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii mime-support 3.66 ii perl 5.32.1-4+deb11u2 ii procps 2:3.3.17-5 Versions of packages apache2 recommends: ii ssl-cert 1.1.0+nmu1 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 Versions of packages apache2-bin depends on: ii libapr1 1.7.0-6+deb11u2 ii libaprutil1 1.6.1-5+deb11u1 ii libaprutil1-dbd-sqlite3 1.6.1-5+deb11u1 ii libaprutil1-ldap 1.6.1-5+deb11u1 ii libbrotli1 1.0.9-2+b2 ii libc62.31-13+deb11u5 ii libcrypt11:4.4.18-4 ii libcurl4 7.74.0-1.3+deb11u7 ii libjansson4 2.13.1-1.1 ii libldap-2.4-22.4.57+dfsg-3+deb11u1 ii liblua5.3-0 5.3.3-1.1+b1 ii libnghttp2-141.43.0-1 ii libpcre3 2:8.44-2+0~20210301.9+debian11~1.gbpa278ad ii libssl1.11.1.1n-0+deb11u4 ii libxml2 2.9.14+dfsg-0+0~20220524.12+debian11~1.gbpc5dc45 ii perl 5.32.1-4+deb11u2 ii zlib1g 1:1.2.11.dfsg-2+deb11u2 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 Versions of packages apache2 is related to: ii apache2 2.4.56-1~deb11u1 ii apache2-bin 2.4.56-1~deb11u1 -- Configuration Files: /etc/apache2/apache2.conf changed [not included] /etc/apache2/mods-available/mpm_event.conf changed [not included] /etc/apache2/ports.conf changed [not included] /etc/apache2/sites-available/000-default.conf changed [not included] -- no debconf information