Advisories » MGASA-2014-0323

Updated apache-mod_wsgi package fixes security vulnerability

Publication date: 08 Aug 2014
Modification date: 08 Aug 2014
Type: security
Affected Mageia releases : 3 , 4

Description

apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a
limit to the number of supplementary groups allowed for a daemon process
group. The result could be that if more groups than the operating system
allowed were specified to the option supplementary-groups, then memory
corruption or a process crash could occur.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13831
• http://lists.opensuse.org/opensuse-updates/2014-07/msg00033.html

SRPMS

3/core

• apache-mod_wsgi-3.5-1.mga3

4/core

• apache-mod_wsgi-3.5-1.1.mga4