13724 – multiple vulnerabilities in apache-mod_wsgi (CVE-2014-0240, CVE-2014-0242)

Bug 13724 - multiple vulnerabilities in apache-mod_wsgi (CVE-2014-0240, CVE-2014-0242)

Summary: multiple vulnerabilities in apache-mod_wsgi (CVE-2014-0240, CVE-2014-0242)

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-07-11 10:09 CEST by Oden Eriksson
Modified:	2014-07-11 11:32 CEST (History)
CC List:	0 users

See Also:
Source RPM:	apache-mod_wsgi
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Oden Eriksson 2014-07-11 10:09:39 CEST

https://rhn.redhat.com/errata/RHSA-2014-0789.html

CVE-2014-0240: https://bugzilla.redhat.com/show_bug.cgi?id=1101863
CVE-2014-0242: https://bugzilla.redhat.com/show_bug.cgi?id=1101873

NOTE: mga3 is affected by CVE-2014-0240, mga4 has 3.5 in updates_testing which is unaffected by both.

Don't know what you want to do with mga3 here, bump or patch it?

Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2014-07-11 10:13:37 CEST

Correct https://rhn.redhat.com/errata/RHSA-2014-0788.html that covers both issues.

Comment 2 David Walser 2014-07-11 11:32:14 CEST

Already investigated.  CVE-2014-0242 was fixed in 3.4, already in Mageia 4.  CVE-2014-0240 depends on having kernel < 3.1.0, and the Mageia 3 kernel is newer.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.