Depending on the system load, apache with apache-mpm-worker and mod_ssl enabled will cause ssl to run out of memory and crash. The following patch resolves this issue. It will need to be ported to intrepid since it is also vulnerable to this condition.

Steps to reproduce: (TEST CASE)

1. Install apache-mpm-worker and ssl-cert
2. Configure the SSL cert according to https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html.
3. Use the following config in your /etc/apache2/sites-enabled/default.

    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/ssl.pem
        DocumentRoot /var/www
        <Directory />
            Options Indexes
        </Directory>
    </VirtualHost>

4. Run the following command:

    ab -n 100000 -c 20 -f tls1 https://<ip address>:443/

You should get OOM errors in a couple of minutes of running the test.

If you have any questions let me know.

Regards
chuck

** Attachment added: "Patch that fixes the issue."
   http://launchpadlibrarian.net/14495602/060_fix_ssl_mem_leak.dpatch

** Changed in: openssl (Ubuntu Hardy)
       Status: New => Invalid

** Changed in: apache2 (Ubuntu Hardy)
   Importance: Undecided => High

--
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945