25 matches found
Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)
It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi i...
[DLA 25-2] python2.6 regression update
Package : python2.6 Version : 2.6.6-8+deb6u2 A regression has been identified in the python2.6 update of DLA-25-1, which may cause python applications to abort if they were running during the upgrade but they had not already imported the os module, and do so after the upgrade. This update fixes...
Important: mod_wsgi
Issue Overview: It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system...
Researchers Reverse Engineer Dropbox
Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...
Python 2.5 - PyLocale_strxfrm Remote Information Leak
Python 2.5 - PyLocale_strxfrm Remote Information Leak source: https://www.securityfocus.com/bid/23887/info Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak. Exploiting this issue allows remote attackers to read portions of memory. Python 2.4.4-2 and 2.5...