Hi,
> Here are some of the package versions that are installed:
> ii openssl1.1.0f-3+deb9u2
>
> ii libssl1.1:amd641.1.0f-3+deb9u2
...
> Then I tried guessing which child process would crash next and connected
> to it with gdb, looks like an issue in pdo_pgsql.so with PHP 7, stack is
> below.
>
> Should the bug be reassigned to the php-pgsql package? As we have a
> reproducible stack trace I feel it is now an RC issue too.
well with the webserver process segfaulting it's certainly not a davical
issue...
> Is there any other data I should gather before restarting the Apache
> process again? I can leave it like this for a couple of hours maximum.
>
>
> Thread 1 "apache2" received signal SIGSEGV, Segmentation fault.
> 0x7fa662662ed4 in ERR_clear_error () from
> target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
> (gdb) bt
> #0 0x7fa662662ed4 in ERR_clear_error () from
> target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
> #1 0x7fa66267dfe9 in ?? () from
> target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
...and while I wasn't sure if it should rather be apache2, php7.0 or
openssl, I found
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903566 which seems to
segfault in the same place and happens to have a fix on the way to
stable-security since last night.
Do you want to try with openssl 1.1.0j-1~deb9u1 (make sure to restart
apache2 so all the children use the new libraries) and see if those
segfaults disappear?
Florian