Bug#873115: Acknowledgement (concurrent apache2 -k graceful hang)

2017-08-24 Thread Joey Hess
Seems similar to #779077. mod_fcgid is not enabled on our server. Regular cgi scripts are in use and one is quite likely running when apache is reloaded. Using mpm_worker. -- see shy jo

Bug#873115: concurrent apache2 -k graceful hang

2017-08-24 Thread Joey Hess
Package: apache2 Version: 2.4.25-3+deb Severity: normal I woke up to a server with hundreds of apache2 -k graceful processes running. This prevented any cgis from running since it was nearly out of process slots. 2142 ? SNs 0:01 /usr/sbin/apache2 -k graceful 6007 ? SN 0:00

Re: Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation

2014-03-19 Thread Joey Hess
Thorsten Glaser wrote: Florian Weimer dixit: Historically, the OpenSSL command line tools have been intended for debugging only. I disagree, in the case of genrsa and friends anyway. Me too, and openssl(1ssl) does not mention debugging or not for production use or give any warnings. Also,

Re: Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation

2014-03-19 Thread Joey Hess
The amount of seed material required to generate a cryptographic key equals the effective key size of the key. For example, a 3072-bit RSA or Diffie-Hellman private key has an effective key size of 128 bits (it requires about 2^128 operations to break) so a key

Bug#711121: bug script is buggy

2013-06-04 Thread Joey Hess
Package: apache2 Version: 2.4.4-5 Severity: normal Running reportbug apache2 results in a lot of: Unsuccessful stat on filename containing newline at /usr/share/bug/apache2/script line 44. Unsuccessful stat on filename containing newline at /usr/share/bug/apache2/script line 44. Unsuccessful

Bug#711120: init script is silent

2013-06-04 Thread Joey Hess
Package: apache2 Version: 2.4.4-5 Severity: normal The init script no longer outputs anything when starting or stopping the daemon. This is rather disconcerting when one is trying to restart apache to deal with massive changes to the configuration system. (It's also probably a policy violation.)

Bug#707770: sosospider+gitweb caused apache memory use to balloon and not go back down

2013-05-11 Thread Joey Hess
Package: apache2.2-common Version: 2.2.22-13 Severity: normal See attached graph.png. The 1+ gb memory plateau is due to apache, which should normally be using more like 10 mb. I noticed this, and restarted it. A few hours later it happened again. At that point, I was using mpm-worker; I

Bug#576089: empty /usr/lib/debug/usr/sbin

2010-03-31 Thread Joey Hess
Package: apache2-mpm-worker Version: 2.2.15-2 Severity: minor The package contains an empty /usr/lib/debug/usr/sbin, which seems to have no purpose. -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host

Bug#357561: privilege escalation hole

2007-02-28 Thread Joey Hess
Daniel Leidert wrote: Why isn't anybody of the official maintainers reacting or commenting on this bug? There are 3(!) completely undocumented downgrades of a bug, # holes depending on terminal exploits have not been treated as RC I suspect that the above downgrade message from vorlon is the

Bug#393277: /etc/apache2/sites-available/default contains ubuntu non-sequitor

2006-10-15 Thread Joey Hess
Package: apache2.2-common Version: 2.2.3-2 Severity: normal # Commented out for Ubuntu #RedirectMatch ^/$ /apache2-default/ Last I checked, I do not use Ubuntu, so this is very strange. -- System Information: Debian Release: testing/unstable APT prefers

Bug#331741: apache2 depends on debconf without | debconf-2.0 alternate; blocks cdebconf transition

2005-10-04 Thread Joey Hess
Package: apache2 This package depends/pre-depends on debconf without allowing the dependency to be satisfied with an alternate of debconf-2.0. That is to say, its dependency should read: debconf | debconf-2.0 Until this is fixed, it is impossible to use this package with cdebconf, and very hard

Bug#322604: SECURITY: Vulnerable to CAN-2005-1344?

2005-08-11 Thread Joey Hess
notfound 322604 2.0.54-3 merge 307134 322604 thanks Christian Hammers wrote: Hello Apache maintainers, please check if Debian is vulnerable to CAN-2005-1344 and make sure it enters http://www.debian.org/security/crossreferences or the not-vulnerable lists. You can find a note that this bug

Bug#307134: CAN-2005-1344 htdigest buffer overflow

2005-04-30 Thread Joey Hess
Package: apache2 Severity: normal Tags: security I've verified that the htdigest from apache2 has the buffer overflow described at http://www.lucaercoli.it/advs/htdigest.txt I don't know of any exploit vectors, as noted it doesn't work unless something passes user-supplied parameters to htdigest

Bug#264070: does not install a default index.html

2004-08-06 Thread Joey Hess
Package: apache2-common Version: 2.0.49-1 Severity: normal Machines with apache2 freshly installed via the web server task have a front page that looks like this: Index of / Icon Name Last modified Size Description

Bug#264106: conf.d and sites-enabled cannot be checked into svn

2004-08-06 Thread Joey Hess
Package: apache2-common Version: 2.0.49-1 Severity: wishlist Apparently apache looks inside dot-directories of the conf.d and sites-enabled directories, which means I cannot check them into svn with the rest of my apache configuration. [EMAIL PROTECTED]:/var/etc/init.d/apache2 start Starting web

Bug#255974: fwiw

2004-06-26 Thread Joey Hess
I can reproduce the problem with the documentroot. -- see shy jo

Bug#230485: apache2/ssl-cert's debconf abuse makes baby jesus cry

2004-01-30 Thread Joey Hess
Package: ssl-cert Severity: normal Read and weep: Configuration file `/etc/init.d/apache2' == File on system created by you or by a script. == File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package

Bug#227653: suexec is on by default, breaks user cgi scripts if UserDir has changed

2004-01-13 Thread Joey Hess
Package: apache2-common Version: 2.0.48-4 Severity: normal Read this strace and weep: stat64(/home/joey/html/blog/index.cgi, {st_mode=S_IFREG|0755, st_size=1538, ...}) = 0 .. fork(Process 3822 attached .. [pid 3822] execve(/usr/lib/apache2/suexec2, [/usr/lib/apache2/suexec2, ~1000, 1000,