GLSA-201412-21 : mod_wsgi: Privilege escalation
Medium Nessus Plugin ID 79974
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201412-21 (mod_wsgi: Privilege escalation)
Two vulnerabilities have been found in mod_wsgi:
- Error codes returned by setuid are not properly handled (CVE-2014-0240)
- A memory leak exists via the “Content-Type” header (CVE-2014-0242)
Impact :
A local attacker may be able to gain escalated privileges. Furthermore, a remote attacker may be able to obtain sensitive information.
There is no known workaround at this time.
Solution
All mod_wsgi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apache/mod_wsgi-3.5'