Hi, > Here are some of the package versions that are installed:
> ii openssl 1.1.0f-3+deb9u2 > > ii libssl1.1:amd64 1.1.0f-3+deb9u2 ... > Then I tried guessing which child process would crash next and connected > to it with gdb, looks like an issue in pdo_pgsql.so with PHP 7, stack is > below. > > Should the bug be reassigned to the php-pgsql package? As we have a > reproducible stack trace I feel it is now an RC issue too. well with the webserver process segfaulting it's certainly not a davical issue... > Is there any other data I should gather before restarting the Apache > process again? I can leave it like this for a couple of hours maximum. > > > Thread 1 "apache2" received signal SIGSEGV, Segmentation fault. > 0x00007fa662662ed4 in ERR_clear_error () from > target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 > (gdb) bt > #0 0x00007fa662662ed4 in ERR_clear_error () from > target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 > #1 0x00007fa66267dfe9 in ?? () from > target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 ...and while I wasn't sure if it should rather be apache2, php7.0 or openssl, I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903566 which seems to segfault in the same place and happens to have a fix on the way to stable-security since last night. Do you want to try with openssl 1.1.0j-1~deb9u1 (make sure to restart apache2 so all the children use the new libraries) and see if those segfaults disappear? Florian
