GLSA-201612-49 : mod_wsgi: Privilege escalation
Medium Nessus Plugin ID 96224
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201612-49 (mod_wsgi: Privilege escalation)
mod_wsgi, when creating a daemon process group, does not properly handle dropping group privileges.
Context-dependent attackers could escalate privileges due to the improper handling of group privileges.
There is no known workaround at this time.
SolutionAll mod_wsgi users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-apache/mod_wsgi-4.3.0'