[Bug 1322338] Re: CVE 2014-0240 and CVE 2014-0242

Launchpad Bug Tracker 1322338 at bugs.launchpad.net
Mon May 26 12:25:27 UTC 2014


This bug was fixed in the package mod-wsgi - 3.3-4ubuntu0.1

---------------
mod-wsgi (3.3-4ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Fix possibility of local privilege escalation when
    using daemon mode. (LP: #1322338)
    - Only systems running kernel versions >= 2.6 and < 3.1 are affected.
    - CVE-2014-0240
    - debian/patches/CVE-2014-0240.patch: backport upstream commit
  * SECURITY UPDATE: Fix possibility of disclosure via Content-Type response
    header.
    - CVE-2014-0242
    - debian/patches/CVE-2014-0242.patch: backport upstream commit
 -- Felix Geyer <debfx at ubuntu.com>   Thu, 22 May 2014 22:42:28 +0200

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mod-wsgi in Ubuntu.
https://bugs.launchpad.net/bugs/1322338

Title:
  CVE 2014-0240 and CVE 2014-0242

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mod-wsgi/+bug/1322338/+subscriptions



More information about the Ubuntu-server-bugs mailing list