** Description changed: - Ubuntu Trusty Tahr 14.04 + [Impact] - apache2: - Installed: 2.4.7-1ubuntu1 - Candidate: 2.4.7-1ubuntu1 - Version table: - *** 2.4.7-1ubuntu1 0 - 500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages - 100 /var/lib/dpkg/status + * An explanation of the effects of the bug on users and - Just maked a following steps: - - sudo apt-get update - - sudo apt-get upgrade + * justification for backporting the fix to the stable release. - ProblemType: Crash - DistroRelease: Ubuntu 14.04 - Package: apache2-bin 2.4.7-1ubuntu1 - ProcVersionSignature: Ubuntu 3.13.0-4.19-generic 3.13.0-rc8 - Uname: Linux 3.13.0-4-generic x86_64 - NonfreeKernelModules: nvidia - ApportVersion: 2.13.1-0ubuntu2 - Architecture: amd64 - Date: Sun Jan 26 00:07:10 2014 - ExecutablePath: /usr/sbin/apache2 - InstallationDate: Installed on 2012-12-19 (402 days ago) - InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64+mac (20111012) - ProcCmdline: /usr/sbin/apache2 -k start - ProcEnviron: - PATH=(custom, no user) - LANG=C - SegvAnalysis: - Segfault happened at: 0x7f197ce45bb2: and %al,(%rax) - PC (0x7f197ce45bb2) ok - source "%al" ok - destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)! - SegvReason: writing NULL VMA - Signal: 11 - SourcePackage: apache2 - StacktraceTop: - ?? () from /usr/lib/apache2/modules/mod_cgid.so - <signal handler called> - __accept_nocancel () at ../sysdeps/unix/syscall-template.S:81 - ?? () from /usr/lib/apache2/modules/mod_cgid.so - ?? () from /usr/lib/apache2/modules/mod_cgid.so - Title: apache2 crashed with SIGSEGV in <signal handler called>() - UpgradeStatus: Upgraded to trusty on 2013-11-10 (76 days ago) - UserGroups: + * In addition, it is helpful, but not required, to include an + explanation of how the upload fixes this bug. + + [Test Case] + + * install the packages on the Ubuntu release you are testing: + $ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql + + * create the database and populate it with the test user: + $ sudo -u postgres -H createdb userdb + $ sudo -u postgres -H psql userdb -c "CREATE TABLE UserLogin (Username text, ApachePassword text);" + $ sudo -u postgres -H psql userdb -c "INSERT INTO UserLogin VALUES ('ubuntu', 'secret');" + + * Create the DB user the module will use and grant access to the user table: + $ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" + $ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;" + + * Create /etc/apache2/conf-available/authpgtest.conf with the following content: + Alias /authpgtest /export/scratch/authpgtest + <Directory /export/scratch/authpgtest/> + Options +ExecCGI +FollowSymLinks + AddHandler cgi-script .pl + AuthType basic + AuthName "My Auth" + Require valid-user + AuthBasicProvider pgsql + Auth_PG_authoritative On + Auth_PG_host 127.0.0.1 + Auth_PG_port 5432 + Auth_PG_user www + Auth_PG_pwd password + Auth_PG_database userdb + Auth_PG_encrypted off + Auth_PG_pwd_table UserLogin + Auth_PG_uid_field Username + Auth_PG_pwd_field ApachePassword + </Directory> + + * Enable this new configuration: + $ sudo a2enconf authpgtest.conf + + * Enable the auth-pgsql and cgi modules and then restart apache: + $ for n in 000_auth_pgsql cgi; do sudo a2enmod $n; done + $ sudo service apache2 restart + + * Create the CGI directory for our script: + $ sudo mkdir -p /export/scratch/authpgtest + + * Create the CGI script /export/scratch/authpgtest/hw.pl with the following contents: + #!/usr/bin/perl + print "Content-type: text/html\n\n"; + print "Hello, World!\n"; + + * Make it executable: + $ sudo chmod 0755 /export/scratch/authpgtest/hw.pl + + + * Access the http://ubuntu:secret@localhost/authpgtest/hw.pl URL a few times while tailing /var/log/apache/error.log. After a few tries it will fail, and apache will log a segfault: + $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl + Hello, World! + $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl + Hello, World! + $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl + curl: (52) Empty reply from server + + In /var/log/apache2/error.log: + *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007fa9340007c8 *** + [Wed Jul 19 20:43:57.077960 2017] [core:notice] [pid 10926:tid 140365262006144] AH00051: child pid 10930 exit signal Aborted (6), possible coredump in /etc/apache2 + + + After installing the fixed libapache2-mod-auth-pgsql package, all attempts will work. + + + [Regression Potential] + + * discussion of how regressions are most likely to manifest as a result + of this change. + + * It is assumed that any SRU candidate patch is well-tested before + upload and has a low overall risk of regression, but it's important + to make the effort to think about what ''could'' happen in the + event of a regression. + + * This both shows the SRU team that the risks have been considered, + and provides guidance to testers in regression-testing the SRU. + + [Other Info] + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
