Your submission was sent successfully! Close

CVE-2014-8583

Published: 4 November 2014

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

Priority

Medium

Status

Package Release Status
mod-wsgi
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (3.3-4ubuntu0.2)
trusty
Released (3.4-4ubuntu2.1.14.04.2)
upstream
Released (4.2.4)
utopic
Released (3.5-1ubuntu0.1)
Patches:
upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd