Ubuntu Update For Mod-wsgi USN-2222-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

R&#243 bert Kisteleki discovered mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. (CVE-2014-0240) Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use this issue to read process memory via the Content-Type response header. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0242)

Affected

mod-wsgi on Ubuntu 14.04 LTS , Ubuntu 13.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-May/002523.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0240, CVE-2014-0242

CVSS	Base Score: 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for dbus vulnerabilities USN-653-1
Ubuntu Update for cinder USN-1731-1
Ubuntu Update for apache2 USN-1368-1
Ubuntu Update for apparmor USN-1676-1
Ubuntu Update for colord USN-1289-1

Ubuntu Update for mod-wsgi USN-2222-1

Take action and discover your vulnerabilities