On Wed, Dec 13, 2006 at 10:08:21AM -0800, Mark Symonds wrote:
> Package: libapache-mod-ssl
> Version: 2.8.22-1sarge1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The past week I've had four sarge boxes apache processes lockup.
> apachectl restart works without error, but the webservice is still not
> responding. Other methods (killall -9 + invoke-rc.d restart, etc.) are
> tried but still, no webservice and nothing in error.log to indicate a
> problem.
>
> Attaching a strace to the apache process, I see that it is in a loop
> complaining that /var/cache/apache/__db.ssl_cache.db already exists.
> Removing this file and restarting fixes the problem.
>
> Also I notice in these situations that there are hundreds of ssl.mutex*
> files in /var/log/apache.
>
> Possible DoS attack in the wild? I wouldn't think so but it's been the same
> thing on four different servers in a week... I'm going to post to some lug
> mailing lists later today to see if anyone else is seeing this.
I haven't heard other reports about such crashes. Are all the machines identical
in the installed software; are all running plain Sarge?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
