238 matches found
CentOS Update for mod_wsgi CESA-2014:0788 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : mod_wsgi (CESA-2014:0788)
An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Scientific Linux Security Update : mod_wsgi on SL6.x i386/srpm/x86_64 (20140625)
It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. CVE-2014-0240...
RHEL 6 : mod_wsgi (RHSA-2014:0788)
An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Oracle Linux 6 : mod_wsgi (ELSA-2014-0788)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2014-0788 advisory. - fix for CVE-2014-0242 1104685 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
mod_wsgi security update
CentOS Errata and Security Advisory CESA-2014:0788 An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
mod_wsgi: possible privilege escalation in setuid() failure scenarios
It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...
Important: Red Hat Security Advisory: mod_wsgi security update
An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
mod_wsgi: information leak
modwsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread...
Important: Red Hat Security Advisory: python27-mod_wsgi and python33-mod_wsgi security update
Updated python27-modwsgi and python33-modwsgi packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives...
mod_wsgi: possible privilege escalation in setuid() failure scenarios
It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...
mod_wsgi security update
3.2-6 - fix for CVE-2014-0242 1104685 3.2-4 - fix for CVE-2014-0240 1104687...
Fedora Update for mod_wsgi FEDORA-2014-6938
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mod_wsgi FEDORA-2014-6944
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : mod_wsgi-3.5-1.fc19 (2014-6938)
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 20 : mod_wsgi-3.5-1.fc20 (2014-6944)
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19
The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...
[SECURITY] Fedora 20 Update: mod_wsgi-3.5-1.fc20
The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...
openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:0782-1)
apache2-modwsgi was updated to fix two security issues. These security issues were fixed : - Information exposure CVE-2014-0242 - Local privilege escalation CVE-2014-0240 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...