Medium: mod_wsgi

2018-04-05T16:14:00
ID ALAS2-2018-987
Type amazon
Reporter Amazon
Modified 2018-04-05T16:14:00

Description

Issue Overview:

Failure to handle errors when attempting to drop group privileges:
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. (CVE-2014-8583 __)

Affected Packages:

mod_wsgi

Issue Correction:
Run yum update mod_wsgi to update your system.

New Packages:

src:  
    mod_wsgi-3.4-12.amzn2.0.1.src

x86_64:  
    mod_wsgi-3.4-12.amzn2.0.1.x86_64  
    mod_wsgi-debuginfo-3.4-12.amzn2.0.1.x86_64