Package: libapache2-mod-auth-kerb
Version: 5.3-1
Severity: important

Hi,

It seems that libapache2-mod-auth-kerb is not fully thread-safe. It crashes Apache processes when running with apache2-mpm-worker:

*** glibc detected *** double free or corruption (fasttop): 0xa9c0b298 ***
[Mon Aug 11 15:42:09 2008] [notice] child pid 26327 exit signal Aborted (6)
[Mon Aug 11 15:42:10 2008] [notice] child pid 26328 exit signal Segmentation fault (11)
*** glibc detected *** double free or corruption (fasttop): 0x084bddf8 ***
[Mon Aug 11 15:42:11 2008] [notice] child pid 31228 exit signal Aborted (6)
[Mon Aug 11 15:42:13 2008] [notice] child pid 31257 exit signal Segmentation fault (11)
[Mon Aug 11 15:42:14 2008] [notice] child pid 31258 exit signal Segmentation fault (11)
*** glibc detected *** free(): invalid pointer: 0xa9c012e8 ***

Steps to reproduce:

1. Login to an auth_kerb-protected page with username and password (not a Kerberos ticket).
2. Click the reload button fast a number of times in the browser.

I'm marking the bug as important as there might be security issues here.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (200, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages libapache2-mod-auth-kerb depends on:
ii  apa  2.2.3-4+etch5                         Next generation, scalable, extenda
ii  krb  1.16                                  Configuration files for Kerberos V
ii  lib  2.3.6.ds1-13etch7                     GNU C Library: Shared libraries
ii  lib  1.39+1.40-WIP-2006.11.14+dfsg-2etch1  common error description library
ii  lib  1.4.4-7etch6                          MIT Kerberos runtime libraries

libapache2-mod-auth-kerb recommends no packages.

-- no debconf information

