- Package name
- Advisory ID
- Affected versions
- MBS1 x86_64
Multiple vulnerabilities has been discovered and corrected in
It was found that mod_wsgi did not properly drop privileges if
the call to setuid\(\) failed. If mod_wsgi was set up to allow
unprivileged users to run WSGI applications, a local user able to
run a WSGI application could possibly use this flaw to escalate their
privileges on the system (CVE-2014-0240).
It was discovered that mod_wsgi could leak memory of a hosted web
application via the Content-Type header. A remote attacker could
possibly use this flaw to disclose limited portions of the web
application's memory (CVE-2014-0242).
The updated packages have been patched to correct these issues.
b0dab0032790662dce72017097844afb mbs1/x86_64/apache-mod_wsgi-3.3-7.1.mbs1.x86_64.rpm 8f2adb300f9170b623cf4be749a31f60 mbs1/SRPMS/apache-mod_wsgi-3.3-7.1.mbs1.src.rpm