Bug 13724

Summary: multiple vulnerabilities in apache-mod_wsgi (CVE-2014-0240, CVE-2014-0242)
Product: Mageia
Reporter: Oden Eriksson <oe>
Component: Security
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID
QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 3   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: apache-mod_wsgi
CVE:
Status comment:

Description Oden Eriksson 2014-07-11 10:09:39 CEST
https://rhn.redhat.com/errata/RHSA-2014-0789.html

CVE-2014-0240: https://bugzilla.redhat.com/show_bug.cgi?id=1101863
CVE-2014-0242: https://bugzilla.redhat.com/show_bug.cgi?id=1101873

NOTE: mga3 is affected by CVE-2014-0240, mga4 has 3.5 in updates_testing which is unaffected by both.

Don't know what you want to do with mga3 here, bump or patch it?

Comment 1 Oden Eriksson 2014-07-11 10:13:37 CEST
Correct https://rhn.redhat.com/errata/RHSA-2014-0788.html that covers both issues.
Comment 2 David Walser 2014-07-11 11:32:14 CEST
Already investigated.  CVE-2014-0242 was fixed in 3.4, already in Mageia 4.  CVE-2014-0240 depends on having kernel < 3.1.0, and the Mageia 3 kernel is newer.

Status: NEW => RESOLVED
Resolution: (none) => INVALID