CVE-2014-8583
Published: 4 November 2014
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
Priority
Status
Package | Release | Status |
---|---|---|
mod-wsgi Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(3.3-4ubuntu0.2)
|
|
trusty |
Released
(3.4-4ubuntu2.1.14.04.2)
|
|
upstream |
Released
(4.2.4)
|
|
utopic |
Released
(3.5-1ubuntu0.1)
|
|
Patches: upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd |