Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-0240

Published: 23 May 2014

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.

Notes

AuthorNote
mdeslaur 
from upstream: The issue is believed to affect Linux systems
running kernel versions >= 2.6.0 and < 3.1.0.

Priority

Medium

Status

Package Release Status
mod-wsgi
Launchpad, Ubuntu, Debian 		lucid Ignored
(end of life)
precise
Released (3.3-4ubuntu0.1)
saucy
Released (3.4-4ubuntu2.1.13.10.1)
trusty
Released (3.4-4ubuntu2.1.14.04.1)
upstream
Released (3.5-1)
Patches:
upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading