Two vulnerabilities have been found in mod_wsgi, the worst of which could result in local privilege escalation.
Package | www-apache/mod_wsgi on all architectures |
---|---|
Affected versions | < 3.5 |
Unaffected versions | >= 3.5 |
mod_wsgi is an Apache2 module for running Python WSGI applications.
Two vulnerabilities have been found in mod_wsgi:
A local attacker may be able to gain escalated privileges. Furthermore, a remote attacker may be able to obtain sensitive information.
There is no known workaround at this time.
All mod_wsgi users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/mod_wsgi-3.5"
Release date
December 13, 2014
Latest revision
December 13, 2014: 1
Severity
high
Exploitable
local, remote
Bugzilla entries