CVE-2014-8583

Published: 4 November 2014

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

Priority

Status

Package	Release	Status
mod-wsgi Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (3.3-4ubuntu0.2)
	trusty	Released (3.4-4ubuntu2.1.14.04.2)
	upstream	Released (4.2.4)
	utopic	Released (3.5-1ubuntu0.1)
	Patches: upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd

References

http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html
http://www.openwall.com/lists/oss-security/2014/06/19/7
https://ubuntu.com/security/notices/USN-2431-1
https://www.cve.org/CVERecord?id=CVE-2014-8583
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.