Bug 60680 - php security upgrade breaks apache (coredumps)
Summary: php security upgrade breaks apache (coredumps)
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: php   
(Show other bugs)
Version: 7.2
Hardware: i386 Linux
Target Milestone: ---
Assignee: Phil Copeland
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2002-03-04 19:44 UTC by stefan+rhbugs
Modified: 2007-04-18 16:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-07 22:25:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description stefan+rhbugs 2002-03-04 19:44:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0

Description of problem:
I downloaded and installed the fix for the "apache+php" remote exploit, 4.0.6-
12, and afterwards apache will not start.
strace -o st -f /etc/init.d/httpd start 

reveals that apache coredumps:

21982 munmap(0x42b8e000, 153472)        = 0
21982 --- SIGSEGV (Segmentation fault) ---
21980 --- SIGCHLD (Child exited) ---
21980 _exit(0)                          = ?

however, by starting /usr/sbin/httpd, apache starts fine. This is because the 
parameters to load modules are not set. (but then, php/ssl etc modules are not 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. rpm -Uvh php{,-imap,-ldap,-mysql}-4.0.6-12.rpm expat-1.95.1-7.rpm
2. /etc/init.d/httpd restart    --- httpd claims to have started OK, but has 
infact not.
3. Downgrade to the older PHP and everything works OK

Actual Results:  apache coredumped

Expected Results:  apache should be running

Additional info:

The system is a RH7.1 with apache/ldap/ssl upgraded to the 7.2 versions, so a 
library inconsistency could be the problem. However, then the RPM dependencies 
should be set to indicate which versions were needed.

Comment 1 Nalin Dahyabhai 2002-03-05 20:02:25 UTC
Do you have the glibc update for RHL 7.1 or RHL 7.2 installed?  There was a
dynamic linker bug which was excercised by php which might not have been fixed
yet in the stock glibc for RHL 7.1.

Comment 2 stefan+rhbugs 2002-03-07 22:25:16 UTC

.. solved my problem.

I suggest that the PHP rpm's have a versioned depends on this particular glibc 
version ... so if php is installed, atleast 2.2.4-19.3 of glibc would be 
required. Not everyone wants to touch production systems by always installing 
the latest updates of every package... but to close the PHP bug, php had to be 
installed. and hence, it would be nice to be "forced" to install the 
(implicitly) required glibc version.

Thanks anyway for quick resolution of the matter.


Note You need to log in before you can comment on or make changes to this bug.