[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-07-31 Thread Alexander Konovalenko
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1678

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-07-31 Thread Alexander Konovalenko
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1678

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-22 Thread Martin Pitt
Copied to hardy-updates.

** Changed in: apache2 (Ubuntu Hardy)
   Status: Fix Committed = Fix Released

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-22 Thread Martin Pitt
Copied to hardy-updates.

** Changed in: apache2 (Ubuntu Hardy)
   Status: Fix Committed = Fix Released

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Steve Langasek
** Changed in: apache2 (Ubuntu Hardy)
   Target: None = ubuntu-8.04.1

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
Verification step 1: I set up apache2 in hardy final and successfully
reproduced the OOM condition. I will test the updated package with that
setup, too.

** Changed in: apache2 (Ubuntu Hardy)
 Assignee: (unassigned) = Martin Pitt (pitti)

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
I upgraded to the hardy-proposed version and ran the hammering benchmark
again. Memory was constantly acquired and released now and never got
exhausted.

I did both tests on a 256 MB VM.

** Tags added: verification-done

** Tags removed: verification-needed

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
I synced the fixed Debian version to intrepid.

** Changed in: apache2 (Ubuntu Intrepid)
   Status: In Progress = Fix Released

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
** Changed in: apache2 (Ubuntu Hardy)
   Target: None = ubuntu-8.04.1

** Changed in: apache2 (Ubuntu Intrepid)
   Target: ubuntu-8.04.1 = None

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
Accepted into -proposed, please test and give feedback here

** Changed in: apache2 (Ubuntu Hardy)
   Status: New = Fix Committed
   Target: ubuntu-8.04.1 = None

** Tags added: verification-needed

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
Since Intrepid is a sync now, I take the intrepid task.

** Changed in: apache2 (Ubuntu Intrepid)
 Assignee: Dustin Kirkland (kirkland) = Martin Pitt (pitti)

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Steve Langasek
** Changed in: apache2 (Ubuntu Hardy)
   Target: None = ubuntu-8.04.1

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
Verification step 1: I set up apache2 in hardy final and successfully
reproduced the OOM condition. I will test the updated package with that
setup, too.

** Changed in: apache2 (Ubuntu Hardy)
 Assignee: (unassigned) = Martin Pitt (pitti)

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
Tests done, unassigning.

** Changed in: apache2 (Ubuntu Hardy)
 Assignee: Martin Pitt (pitti) = (unassigned)

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
I upgraded to the hardy-proposed version and ran the hammering benchmark
again. Memory was constantly acquired and released now and never got
exhausted.

I did both tests on a 256 MB VM.

** Tags added: verification-done

** Tags removed: verification-needed

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-14 Thread Martin Pitt
I synced the fixed Debian version to intrepid.

** Changed in: apache2 (Ubuntu Intrepid)
   Status: In Progress = Fix Released

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-13 Thread Chuck Short
** Summary changed:

- memory leaks in apache2 when running mod_ssl
+ [SRU] memory leaks in apache2 when running mod_ssl

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-13 Thread Chuck Short
Depending on the system load apache with apache-mpm-worker and mod_ssl
enabled will cause ssl to run out of memory and crash. The following
patch resolves this issue. It will be needed to be ported to intrepid
since it is also vulnerable to this condition.

Steps to reproduce: (TEST CASE)

1. Install apache-mpm-worker and ssl-cert
2. Confgure the SSL cert according to 
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html.
3. Use the following config in your /etc/apache2/sites-enabled/default.

NameVirtualHost *:443
VirtualHost *:443
 SSLEngine On
 SSLCertificateFile /etc/ssl/certs/ssl.pem
 DocumentRoot /var/www
 Directory /
  Options Indexes
 /Directory
/VirtualHost

4. Run the following command:

ab -n 10 -c 20 -f tls1 https://ip address:443/

You should get OOM errors in a couple of minutes of running the test.

If you have any questions let me know.

Regards
chuck


** Attachment added: Patch that fixes the issue.
   http://launchpadlibrarian.net/14495602/060_fix_ssl_mem_leak.dpatch

** Changed in: openssl (Ubuntu Hardy)
   Status: New = Invalid

** Changed in: apache2 (Ubuntu Hardy)
   Importance: Undecided = High

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-13 Thread sf
2.2.8-4 with the patch has just been uploaded to Debian

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-13 Thread Chuck Short
** Summary changed:

- memory leaks in apache2 when running mod_ssl
+ [SRU] memory leaks in apache2 when running mod_ssl

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-13 Thread Chuck Short
Depending on the system load apache with apache-mpm-worker and mod_ssl
enabled will cause ssl to run out of memory and crash. The following
patch resolves this issue. It will be needed to be ported to intrepid
since it is also vulnerable to this condition.

Steps to reproduce: (TEST CASE)

1. Install apache-mpm-worker and ssl-cert
2. Confgure the SSL cert according to 
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html.
3. Use the following config in your /etc/apache2/sites-enabled/default.

NameVirtualHost *:443
VirtualHost *:443
 SSLEngine On
 SSLCertificateFile /etc/ssl/certs/ssl.pem
 DocumentRoot /var/www
 Directory /
  Options Indexes
 /Directory
/VirtualHost

4. Run the following command:

ab -n 10 -c 20 -f tls1 https://ip address:443/

You should get OOM errors in a couple of minutes of running the test.

If you have any questions let me know.

Regards
chuck


** Attachment added: Patch that fixes the issue.
   http://launchpadlibrarian.net/14495602/060_fix_ssl_mem_leak.dpatch

** Changed in: openssl (Ubuntu Hardy)
   Status: New = Invalid

** Changed in: apache2 (Ubuntu Hardy)
   Importance: Undecided = High

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl

2008-05-13 Thread sf
2.2.8-4 with the patch has just been uploaded to Debian

-- 
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs