Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 636427

Summary: mod_ssl possible memory corruption
Product: Red Hat Enterprise Linux 5 Reporter: Joe Orton <jorton>
Component: httpdAssignee: Joe Orton <jorton>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.5   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 652335 (view as bug list) Environment:
Last Closed: 2011-07-21 08:54:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joe Orton 2010-09-22 08:36:15 UTC 
Description of problem:
A bug has been found in mod_ssl where it uses memcpy in place of
memmove, which can cause random memory corruption.  Whilst this
has not been seen in RHEL-5 as yet, future changes to the glibc memcpy 
implementation may trigger this and break mod_ssl; it would be
prudent to fix this in the RHEL-5 httpd.  Some change to the 
Fedora/upstream glibc memcpy implementation (or possibly the gcc
inline memcpy) has been triggering new reports of this recently.

This is a relatively low-risk change; fix tested succesfully in 
Fedora.

Version-Release number of selected component (if applicable):
httpd-2.2.3-43.el5_5.3

How reproducible:
currently not known to be, in RHEL5
Comment 1 Joe Orton 2010-09-22 08:38:55 UTC 
For reference, Fedora bug 634905.
Comment 2 RHEL Program Management 2010-09-22 08:46:55 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 7 errata-xmlrpc 2011-07-21 08:54:08 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1067.html
Comment 8 errata-xmlrpc 2011-07-21 11:47:44 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1067.html