PublicDateAtUSN: 2014-11-04
Candidate: CVE-2014-8583
PublicDate: 2014-12-16 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583
 http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html
 http://www.openwall.com/lists/oss-security/2014/06/19/7
 https://ubuntu.com/security/notices/USN-2431-1
Description:
 mod_wsgi before 4.2.4 for Apache, when creating a daemon process group,
 does not properly handle when group privileges cannot be dropped, which
 might allow attackers to gain privileges via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_mod-wsgi:
 upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd
upstream_mod-wsgi: released (4.2.4)
lucid_mod-wsgi: ignored (reached end-of-life)
precise_mod-wsgi: released (3.3-4ubuntu0.2)
trusty_mod-wsgi: released (3.4-4ubuntu2.1.14.04.2)
trusty/esm_mod-wsgi: released (3.4-4ubuntu2.1.14.04.2)
utopic_mod-wsgi: released (3.5-1ubuntu0.1)
devel_mod-wsgi: not-affected (4.3.0-1)