[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1678 -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1678 -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Copied to hardy-updates. ** Changed in: apache2 (Ubuntu Hardy) Status: Fix Committed = Fix Released -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Copied to hardy-updates. ** Changed in: apache2 (Ubuntu Hardy) Status: Fix Committed = Fix Released -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** Changed in: apache2 (Ubuntu Hardy) Target: None = ubuntu-8.04.1 -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Verification step 1: I set up apache2 in hardy final and successfully reproduced the OOM condition. I will test the updated package with that setup, too. ** Changed in: apache2 (Ubuntu Hardy) Assignee: (unassigned) = Martin Pitt (pitti) -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
I upgraded to the hardy-proposed version and ran the hammering benchmark again. Memory was constantly acquired and released now and never got exhausted. I did both tests on a 256 MB VM. ** Tags added: verification-done ** Tags removed: verification-needed -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
I synced the fixed Debian version to intrepid. ** Changed in: apache2 (Ubuntu Intrepid) Status: In Progress = Fix Released -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** Changed in: apache2 (Ubuntu Hardy) Target: None = ubuntu-8.04.1 ** Changed in: apache2 (Ubuntu Intrepid) Target: ubuntu-8.04.1 = None -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Accepted into -proposed, please test and give feedback here ** Changed in: apache2 (Ubuntu Hardy) Status: New = Fix Committed Target: ubuntu-8.04.1 = None ** Tags added: verification-needed -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Since Intrepid is a sync now, I take the intrepid task. ** Changed in: apache2 (Ubuntu Intrepid) Assignee: Dustin Kirkland (kirkland) = Martin Pitt (pitti) -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** Changed in: apache2 (Ubuntu Hardy) Target: None = ubuntu-8.04.1 -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Verification step 1: I set up apache2 in hardy final and successfully reproduced the OOM condition. I will test the updated package with that setup, too. ** Changed in: apache2 (Ubuntu Hardy) Assignee: (unassigned) = Martin Pitt (pitti) -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Tests done, unassigning. ** Changed in: apache2 (Ubuntu Hardy) Assignee: Martin Pitt (pitti) = (unassigned) -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
I upgraded to the hardy-proposed version and ran the hammering benchmark again. Memory was constantly acquired and released now and never got exhausted. I did both tests on a 256 MB VM. ** Tags added: verification-done ** Tags removed: verification-needed -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
I synced the fixed Debian version to intrepid. ** Changed in: apache2 (Ubuntu Intrepid) Status: In Progress = Fix Released -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** Summary changed: - memory leaks in apache2 when running mod_ssl + [SRU] memory leaks in apache2 when running mod_ssl -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Depending on the system load apache with apache-mpm-worker and mod_ssl enabled will cause ssl to run out of memory and crash. The following patch resolves this issue. It will be needed to be ported to intrepid since it is also vulnerable to this condition. Steps to reproduce: (TEST CASE) 1. Install apache-mpm-worker and ssl-cert 2. Confgure the SSL cert according to https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html. 3. Use the following config in your /etc/apache2/sites-enabled/default. NameVirtualHost *:443 VirtualHost *:443 SSLEngine On SSLCertificateFile /etc/ssl/certs/ssl.pem DocumentRoot /var/www Directory / Options Indexes /Directory /VirtualHost 4. Run the following command: ab -n 10 -c 20 -f tls1 https://ip address:443/ You should get OOM errors in a couple of minutes of running the test. If you have any questions let me know. Regards chuck ** Attachment added: Patch that fixes the issue. http://launchpadlibrarian.net/14495602/060_fix_ssl_mem_leak.dpatch ** Changed in: openssl (Ubuntu Hardy) Status: New = Invalid ** Changed in: apache2 (Ubuntu Hardy) Importance: Undecided = High -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
2.2.8-4 with the patch has just been uploaded to Debian -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
** Summary changed: - memory leaks in apache2 when running mod_ssl + [SRU] memory leaks in apache2 when running mod_ssl -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Depending on the system load apache with apache-mpm-worker and mod_ssl enabled will cause ssl to run out of memory and crash. The following patch resolves this issue. It will be needed to be ported to intrepid since it is also vulnerable to this condition. Steps to reproduce: (TEST CASE) 1. Install apache-mpm-worker and ssl-cert 2. Confgure the SSL cert according to https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html. 3. Use the following config in your /etc/apache2/sites-enabled/default. NameVirtualHost *:443 VirtualHost *:443 SSLEngine On SSLCertificateFile /etc/ssl/certs/ssl.pem DocumentRoot /var/www Directory / Options Indexes /Directory /VirtualHost 4. Run the following command: ab -n 10 -c 20 -f tls1 https://ip address:443/ You should get OOM errors in a couple of minutes of running the test. If you have any questions let me know. Regards chuck ** Attachment added: Patch that fixes the issue. http://launchpadlibrarian.net/14495602/060_fix_ssl_mem_leak.dpatch ** Changed in: openssl (Ubuntu Hardy) Status: New = Invalid ** Changed in: apache2 (Ubuntu Hardy) Importance: Undecided = High -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
2.2.8-4 with the patch has just been uploaded to Debian -- [SRU] memory leaks in apache2 when running mod_ssl https://bugs.launchpad.net/bugs/224945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
