Ubuntu Security Notice USN-2431-1
3rd December, 2014
mod-wsgi vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
mod_wsgi could be made to run programs with incorrect privileges.
Software description
- mod-wsgi
– Python WSGI adapter module for Apache
Details
It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application
could possibly use this issue to cause a local privilege escalation when
using daemon mode.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
libapache2-mod-wsgi
3.5-1ubuntu0.1
-
libapache2-mod-wsgi-py3
3.5-1ubuntu0.1
- Ubuntu 14.04 LTS:
-
libapache2-mod-wsgi
3.4-4ubuntu2.1.14.04.2
-
libapache2-mod-wsgi-py3
3.4-4ubuntu2.1.14.04.2
- Ubuntu 12.04 LTS:
-
libapache2-mod-wsgi
3.3-4ubuntu0.2
-
libapache2-mod-wsgi-py3
3.3-4ubuntu0.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your web service to make
all the necessary changes.