Описание
ELSA-2014-0788: mod_wsgi security update (IMPORTANT)
[3.2-6]
- fix for CVE-2014-0242 (#1104685)
[3.2-4]
- fix for CVE-2014-0240 (#1104687)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
mod_wsgi
3.2-6.el6_5
Oracle Linux i686
mod_wsgi
3.2-6.el6_5
Связанные CVE
Связанные уязвимости
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
mod_wsgi module before 3.4 for Apache, when used in embedded mode, mig ...
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.