Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 536270 (CVE-2014-8583) - <www-apache/mod_wsgi-4.3.0: Privilege escalation vulnerability (CVE-2014-8583)
Summary: <www-apache/mod_wsgi-4.3.0: Privilege escalation vulnerability (CVE-2014-8583)
Status: RESOLVED FIXED
Alias: CVE-2014-8583
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa cve]
Keywords:
Depends on: 533312
Blocks:
  Show dependency tree
 
Reported: 2015-01-11 00:41 UTC by GLSAMaker/CVETool Bot
Modified: 2016-12-30 01:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 00:41:57 UTC
CVE-2014-8583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8583):
  mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does
  not properly handle when group privileges cannot be dropped, which might
  allow attackers to gain privileges via unspecified vectors.


Maintainers, please call for stabilization on the version you would prefer to be the candidate.
Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev 2015-01-11 08:24:21 UTC
Bug 533312 was already open, so let's do 4.3.0?
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-12-30 01:25:57 UTC
This issue was resolved and addressed in
 GLSA 201612-49 at https://security.gentoo.org/glsa/201612-49
by GLSA coordinator Thomas Deutschmann (whissi).