[Python-modules-team] Bug#748910: CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode
Felix Geyer
fgeyer at debian.org
Thu May 22 11:44:53 UTC 2014
On 2014-05-22 09:57, Eric Sesterhenn wrote:
> Package: libapache2-mod-wsgi
> Version: 3.3-4
> Severity: critical
> Tags: security
> Justification: root security hole
>
> Dear Maintainer,
>
> as far as I can tell, CVE-2014-0240 affects the stable package of
> mod-wsgi. The
> patch provided by the mod-wsgi team applies wih fuzzing to the source
> shipped
> by debian. If a kernel >= 2.6.0 and < 3.1.0 is installed, this issue
> might
> allow local privilege escalation
I'll upload fixed packages for squeeze and wheezy later today.
Cheers,
Felix
More information about the Python-modules-team
mailing list