Apache 2.4.41 corrupts files from samba share

Bug #1930921 reported by Fabian
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
linux (Ubuntu)
samba (Ubuntu)

Bug Description

Wenn I serve a samba share with apache 2.4.41 on Ubuntu 20.04 then some files have a corrupt header during transmission. It seems that the first few bytes of the headers are truncated and sometimes other bytes of the download are not belonging to the file.

A workaround I found that works is to set "EnableMMAP Off" in the apache config.

See other bug reports like this:


This is most probably not a bug in Ubuntu itself but I am reporting it here since I assume that a data corruption bug is seen as critical.

I am also marking it as a security vulnerability since it seems that wrong parts of memory get exposed during file download. I don't know how random the exposed memory is and if it potentially could expose e.g. secrets.
Please feel free to remove the security vulnerability flag if your assessment leads to a different conclusion.

Revision history for this message
Fabian (fsturm) wrote :
information type: Private Security → Public Security
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I've added a few more packages to the bug; nothing in the various links suggested to me that anyone has yet identified where the fault lies.


Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I'll leave any security assessment and security-based prioritisation for the security team.

From a non-security perspective, I think this is of low priority since it only affects an unusual end-user configuration that is likely to affect only a very small minority of users. Feel free to continue to use this bug to track the problem, but I do not expect anyone else to spend time looking into this soon.

Steve Beattie (sbeattie)
Changed in apache2 (Ubuntu):
status: New → Confirmed
Changed in samba (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers