Package: libapache-mod-ssl
Version: 2.8.22-1sarge1
Severity: grave
Tags: security
Justification: user security hole



-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libapache-mod-ssl depends on:
ii  apache-common         1.3.33-6sarge3     support files for all Apache webse
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libdb4.2              4.2.52-18          Berkeley v4.2 Database Libraries [
ii  libexpat1             1.95.8-3           XML parsing C library - runtime li
ii  libssl0.9.7           0.9.7e-3sarge4     SSL shared libraries
ii  openssl               0.9.7e-3sarge4     Secure Socket Layer (SSL) binary a

-- no debconf information 

Hi, 

The past week I've had four sarge boxes' apache processes lock up.
apachectl restart works without error, but the webservice is still not
responding.  Other methods (killall -9 + invoke-rc.d restart, etc.) are
tried but still, no webservice and nothing in error.log to indicate a
problem. 

Attaching a strace to the apache process, I see that it is in a loop
complaining that /var/cache/apache/__db.ssl_cache.db already exists.
Removing this file and restarting fixes the problem. 

Also I notice in these situations that there are hundreds of ssl.mutex*
files in /var/log/apache. 

Possible DoS attack in the wild?  I wouldn't think so but it's been the same
thing on four different servers in a week... I'm going to post to some LUG
mailing lists later today to see if anyone else is seeing this.

Best

Mark

