On Tue, Jun 20, 2017 at 9:01 PM Ben Hutchings <b...@decadent.org.uk> wrote:
> > > > I'm administering several Debian servers of which some are Jessie and > > some are Stretch. On both of them after upgrading to latest kernel that > > was released yesterday (4.9 on Stretch and 3.16 on Jessie), Java web > > applications do not work any more. They stop with SIGSEGV in the Java > > startup process. > > So I think you meant to report this against versions 3.16.43-2+deb8u1 > and 4.9.30-2+deb9u1, not 4.9.30-2. Is that right? > Correct. > > Have tried more different Java web applications and while booting all of > > them break with SIGSEGV while Java internaly loads rt.jar. > > > > Have tried with Oracle Java 1.8.0_130, Oracje Java 1.8.0_131 and latest > > OpenJDK 8 and the same error happens. > > > > Even the servers on which this is tried are from different hosting > > companies. > [...] > > Does this go away if you add the kernel parameter "stack_guard_gap=1"? > (That should effectively revert the fix for CVE-2017-1000364.) > Yes, it goes away with this kernel parameter. > Has the stack limit for these applications been changed from the > default (e.g. "ulimit -s unlimited" in a startup script)? > No, they are on default values. Sasa
