Your submission was sent successfully! Close

CVE-2014-8583

Published: 04 November 2014

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

Priority

Medium

Status

Package Release Status
mod-wsgi
Launchpad, Ubuntu, Debian
Upstream
Released (4.2.4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.4-4ubuntu2.1.14.04.2)
Patches:
Upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd