You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Michele Mase' <mi...@gmail.com> on 2014/08/01 09:31:14 UTC
[users@httpd] CVE-2014-0226 vulnerability: mod_status.so was no longer ABI-compatible
After applying some vendor's patches (redhat and ubuntu), mod_status was
broken; as a workaround, disabling it solves the issue
Issue solved:
#LoadModule status_module modules/mod_status.so
#ExtendedStatus On
Issue is present:
LoadModule status_module modules/mod_status.so
ExtendedStatus On
Is it a vendor's related problem or is it apache's one?
Some suggestions?
ref. links:
https://rhn.redhat.com/errata/RHSA-2014-0920.html #bug is present
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1349288 #bug is present
Regards
Michele MAsè
Re: [users@httpd] CVE-2014-0226 vulnerability: mod_status.so was no
longer ABI-compatible
Posted by Michele Mase' <mi...@gmail.com>.
Restarting not solves the issue;
Issue solved:
#LoadModule status_module modules/mod_status.so
#ExtendedStatus On
Issue is present:
LoadModule status_module modules/mod_status.so
ExtendedStatus On
My httpd is rhel6.x
rpm -qi httpd
Name : httpd Relocations: (not relocatable)
Version : 2.2.3 Vendor: Red Hat, Inc.
Release : 87.el5_10 Build Date: Fri 18 Jul
2014 10:05:39 AM BST
I've opened a case to redhat support; I was hoping somebody else with
a vanilla httpd could have the same problem ...
http://mattiasgeniar.be/2014/07/28/httpd-cannot-load-mod_status-so-into-server-undefined-symbol-ap_copy_scoreboard_worker/
On Fri, Aug 1, 2014 at 2:04 PM, Eric Covener <co...@gmail.com> wrote:
> On Fri, Aug 1, 2014 at 3:31 AM, Michele Mase' <mi...@gmail.com>
> wrote:
> > After applying some vendor's patches (redhat and ubuntu), mod_status was
> > broken; as a workaround, disabling it solves the issue
>
> Does stopping and starting the server instead of restarting solve the
> issue? mod_status depends on httpd, and you're updating a running
> httpd and sending it a signal to re-read its configuration. You aren't
> actually running 2.4.10 after a restart.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] CVE-2014-0226 vulnerability: mod_status.so was no
longer ABI-compatible
Posted by Eric Covener <co...@gmail.com>.
On Fri, Aug 1, 2014 at 3:31 AM, Michele Mase' <mi...@gmail.com> wrote:
> After applying some vendor's patches (redhat and ubuntu), mod_status was
> broken; as a workaround, disabling it solves the issue
Does stopping and starting the server instead of restarting solve the
issue? mod_status depends on httpd, and you're updating a running
httpd and sending it a signal to re-read its configuration. You aren't
actually running 2.4.10 after a restart.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org