RedHatRHSA-2014:1091(RHSA-2014:1091) Important: mod_wsgi security update
0.0004 Low
EPSS
Percentile
5.1%
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant
interface for hosting Python-based web applications within Apache.
It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)
Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.
Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges RΓ³bert Kisteleki as the original reporter.
All mod_wsgi users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | mod_wsgi-debuginfo | <Β 3.4-12.el7_0 | mod_wsgi-debuginfo-3.4-12.el7_0.x86_64.rpm |
| RedHat | 7 | ppc64 | mod_wsgi-debuginfo | <Β 3.4-12.el7_0 | mod_wsgi-debuginfo-3.4-12.el7_0.ppc64.rpm |
| RedHat | 7 | s390x | mod_wsgi-debuginfo | <Β 3.4-12.el7_0 | mod_wsgi-debuginfo-3.4-12.el7_0.s390x.rpm |
| RedHat | 7 | x86_64 | mod_wsgi | <Β 3.4-12.el7_0 | mod_wsgi-3.4-12.el7_0.x86_64.rpm |
| RedHat | 7 | s390x | mod_wsgi | <Β 3.4-12.el7_0 | mod_wsgi-3.4-12.el7_0.s390x.rpm |
| RedHat | 7 | ppc64 | mod_wsgi | <Β 3.4-12.el7_0 | mod_wsgi-3.4-12.el7_0.ppc64.rpm |
| RedHat | 7 | src | mod_wsgi | <Β 3.4-12.el7_0 | mod_wsgi-3.4-12.el7_0.src.rpm |
Related
