Two vulnerabilities have been found in mod_wsgi, the worst of which could result in local privilege escalation.
|Package||www-apache/mod_wsgi on all architectures|
|Affected versions||< 3.5|
|Unaffected versions||>= 3.5|
mod_wsgi is an Apache2 module for running Python WSGI applications.
Two vulnerabilities have been found in mod_wsgi:
A local attacker may be able to gain escalated privileges. Furthermore, a remote attacker may be able to obtain sensitive information.
There is no known workaround at this time.
All mod_wsgi users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/mod_wsgi-3.5"
December 13, 2014
December 13, 2014: 1