Amazon Linux 1 Security Advisory: ALAS-2018-987
Advisory Release Date: 2018-04-26 16:33 Pacific
Advisory Updated Date: 2018-04-26 21:47 Pacific
Failure to handle errors when attempting to drop group privileges
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. (CVE-2014-8583)
Affected Packages:
mod24_wsgi
Issue Correction:
Run yum update mod24_wsgi to update your system.
i686:
mod24_wsgi-python35-3.5-1.25.amzn1.i686
mod24_wsgi-python26-3.5-1.25.amzn1.i686
mod24_wsgi-python27-3.5-1.25.amzn1.i686
mod24_wsgi-python36-3.5-1.25.amzn1.i686
mod24_wsgi-debuginfo-3.5-1.25.amzn1.i686
mod24_wsgi-python34-3.5-1.25.amzn1.i686
src:
mod24_wsgi-3.5-1.25.amzn1.src
x86_64:
mod24_wsgi-python35-3.5-1.25.amzn1.x86_64
mod24_wsgi-python36-3.5-1.25.amzn1.x86_64
mod24_wsgi-debuginfo-3.5-1.25.amzn1.x86_64
mod24_wsgi-python26-3.5-1.25.amzn1.x86_64
mod24_wsgi-python27-3.5-1.25.amzn1.x86_64
mod24_wsgi-python34-3.5-1.25.amzn1.x86_64