Bug#340337: CVE-2005-2970 exists in 2.0.54 too -- please fix stable branch

To: 340337@bugs.debian.org
Subject: Bug#340337: CVE-2005-2970 exists in 2.0.54 too -- please fix stable branch
From: FX <gentoo@sbcglobal.net>
Date: Sun, 11 Dec 2005 21:57:31 -0600
Message-id: <[🔎] 439CF52B.3070003@sbcglobal.net>
Reply-to: FX <gentoo@sbcglobal.net>, 340337@bugs.debian.org

This problem exists in Debian's stable branch with apache2-mpm-worker2.0.54.

It appears to have been fixed already in Ubuntu versions 4.10, 5.4, and5.10.


From http://www.ubuntulinux.org/usn/usn-225-1

"The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.9 (for Ubuntu 4.10), 2.0.53-5ubuntu5.4 (for
Ubuntu 5.04), or 2.0.54-5ubuntu3 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes."

A remote attacker can repeatedly trigger this memory leak and exhaustall the memory. Please fix and provide an update for the stablebranch. Thanks.

Reply to:

Prev by Date: Bug#241223: (no subject)
Next by Date: Bug#329288: marked as done (apache2-common: apache2ctl uses non-posix ulimit command)
Previous by thread: Bug#241223: (no subject)
Next by thread: Bug#329288: marked as done (apache2-common: apache2ctl uses non-posix ulimit command)
Index(es):
- Date
- Thread