ALAS2-2018-987

Amazon Linux 2 Security Advisory: ALAS-2018-987
Advisory Release Date: 2018-04-05 16:14 Pacific
Advisory Updated Date: 2018-04-05 23:25 Pacific

Severity: Medium

References: CVE-2014-8583
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Failure to handle errors when attempting to drop group privileges:
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. (CVE-2014-8583)

Affected Packages:

mod_wsgi

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update mod_wsgi to update your system.

New Packages:

src:
    mod_wsgi-3.4-12.amzn2.0.1.src

x86_64:
    mod_wsgi-3.4-12.amzn2.0.1.x86_64
    mod_wsgi-debuginfo-3.4-12.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2014-8583

Mitre: CVE-2014-8583