>
> I'm administering several Debian servers of which some are Jessie and
> some are Stretch. On both of them after upgrading to latest kernel that
> was released yesterday (4.9 on Stretch and 3.16 on Jessie), Java web
> applications do not work any more. They stop with SIGSEGV in the Java
> startup process.
So I think you meant to report this against versions 3.16.43-2+deb8u1
and 4.9.30-2+deb9u1, not 4.9.30-2. Is that right?
Correct.
> Have tried more different Java web applications and while booting all of
> them break with SIGSEGV while Java internaly loads rt.jar.
>
> Have tried with Oracle Java 1.8.0_130, Oracje Java 1.8.0_131 and latest
> OpenJDK 8 and the same error happens.
>
> Even the servers on which this is tried are from different hosting
> companies.
[...]
Does this go away if you add the kernel parameter "stack_guard_gap=1"?
(That should effectively revert the fix for CVE-2017-1000364.)
Yes, it goes away with this kernel parameter.
Has the stack limit for these applications been changed from the
default (e.g. "ulimit -s unlimited" in a startup script)?
No, they are on default values.
Sasa