[Bug 1322338] Re: CVE 2014-0240 and CVE 2014-0242
Launchpad Bug Tracker
1322338 at bugs.launchpad.net
Mon May 26 12:25:27 UTC 2014
This bug was fixed in the package mod-wsgi - 3.3-4ubuntu0.1
---------------
mod-wsgi (3.3-4ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: Fix possibility of local privilege escalation when
using daemon mode. (LP: #1322338)
- Only systems running kernel versions >= 2.6 and < 3.1 are affected.
- CVE-2014-0240
- debian/patches/CVE-2014-0240.patch: backport upstream commit
* SECURITY UPDATE: Fix possibility of disclosure via Content-Type response
header.
- CVE-2014-0242
- debian/patches/CVE-2014-0242.patch: backport upstream commit
-- Felix Geyer <debfx at ubuntu.com> Thu, 22 May 2014 22:42:28 +0200
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mod-wsgi in Ubuntu.
https://bugs.launchpad.net/bugs/1322338
Title:
CVE 2014-0240 and CVE 2014-0242
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mod-wsgi/+bug/1322338/+subscriptions
More information about the Ubuntu-server-bugs
mailing list