Advisories » MGASA-2014-0513

Updated apache-mod_wsgi package fixes security vulnerability

Publication date: 05 Dec 2014
Modification date: 05 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8583

Description

It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application
could possibly use this issue to cause a local privilege escalation when
using daemon mode (CVE-2014-8583).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14720
• http://www.ubuntu.com/usn/usn-2431-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583

SRPMS

4/core

• apache-mod_wsgi-3.5-1.2.mga4