[Python-modules-team] Bug#748910: CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode
Eric Sesterhenn
eric.sesterhenn at lsexperts.de
Mon May 26 08:05:45 UTC 2014
Hello,
I do not see the packages in the repository yet, is there anything I can
help with?
Regards, Eric
On 05/22/2014 01:44 PM, Felix Geyer wrote:
> On 2014-05-22 09:57, Eric Sesterhenn wrote:
>> Package: libapache2-mod-wsgi
>> Version: 3.3-4
>> Severity: critical
>> Tags: security
>> Justification: root security hole
>>
>> Dear Maintainer,
>>
>> as far as I can tell, CVE-2014-0240 affects the stable package of
>> mod-wsgi. The
>> patch provided by the mod-wsgi team applies wih fuzzing to the source
>> shipped
>> by debian. If a kernel >= 2.6.0 and < 3.1.0 is installed, this issue
>> might
>> allow local privilege escalation
>
> I'll upload fixed packages for squeeze and wheezy later today.
>
> Cheers,
> Felix
>
--
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4011 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20140526/ee2dc79e/attachment.bin>
More information about the Python-modules-team
mailing list