httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Mase'" <michele.m...@gmail.com>
Subject Re: [users@httpd] CVE-2014-0226 vulnerability: mod_status.so was no longer ABI-compatible
Date Tue, 05 Aug 2014 08:53:45 GMT
Restarting not solves the issue;

Issue solved:
#LoadModule status_module modules/mod_status.so
#ExtendedStatus On

Issue is present:
LoadModule status_module modules/mod_status.so
ExtendedStatus On

My httpd is rhel6.x
rpm -qi httpd
Name        : httpd                        Relocations: (not relocatable)
Version     : 2.2.3                             Vendor: Red Hat, Inc.
Release     : 87.el5_10                     Build Date: Fri 18 Jul
2014 10:05:39 AM BST

I've opened a case to redhat support; I was hoping somebody else with
a vanilla httpd could have the same problem ...
http://mattiasgeniar.be/2014/07/28/httpd-cannot-load-mod_status-so-into-server-undefined-symbol-ap_copy_scoreboard_worker/



On Fri, Aug 1, 2014 at 2:04 PM, Eric Covener <covener@gmail.com> wrote:

> On Fri, Aug 1, 2014 at 3:31 AM, Michele Mase' <michele.mase@gmail.com>
> wrote:
> > After applying some vendor's patches (redhat and ubuntu), mod_status was
> > broken; as a workaround, disabling it solves the issue
>
> Does stopping and starting the server instead of restarting solve the
> issue?   mod_status depends on httpd, and you're updating a running
> httpd and sending it a signal to re-read its configuration. You aren't
> actually running 2.4.10 after a restart.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message