Security
Security
A vulnerability in mod_wsgi could lead to privilege escalation.
| Package | www-apache/mod_wsgi on all architectures |
|---|---|
| Affected versions | < 4.3.0 |
| Unaffected versions | >= 4.3.0 |
mod_wsgi is an Apache2 module for running Python WSGI applications.
mod_wsgi, when creating a daemon process group, does not properly handle dropping group privileges.
Context-dependent attackers could escalate privileges due to the improper handling of group privileges.
There is no known workaround at this time.
All mod_wsgi users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/mod_wsgi-4.3.0"
Release date
December 30, 2016
Latest revision
December 30, 2016: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries