Ubuntu has issued an advisory on August 4:
https://ubuntu.com/security/notices/USN-5551-1

The issue is fixed upstream in 4.9.3.

Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 4.9.3
Whiteboard: (none) => MGA8TOO
No particular packager visible for this SRPM, so obliged to assign this update globally.
Assignee: bugsquad => pkg-bugs
Updated package built for cauldron and Mageia 8

Advisory:
========================

Patched apache-mod_wsgi package fixes security vulnerability:

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations (CVE-2022-2255).

References:
https://ubuntu.com/security/notices/USN-5551-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2255
========================

Updated packages in core/updates_testing:
========================
apache-python3-mod_wsgi-4.6.8-4.1.mga8

from apache-mod_wsgi-4.6.8-4.1.mga8.src.rpm

Test procedure: https://bugs.mageia.org/show_bug.cgi?id=13831#c6
Status comment: Fixed upstream in 4.9.3 => (none)
CVE: (none) => CVE-2022-2255
CC: (none) => mhrambo3501
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)
Keywords: (none) => has_procedure
Version: Cauldron => 8
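
An added illustration (not mod_wsgi's code and not the Mageia patch) of the behaviour the advisory says was missing: client address headers supplied by a proxy are dropped unless the connecting peer is a trusted proxy. The header names other than X-Client-IP, the trusted range 10.0.0.0/8, and every class and function name here are assumptions made for the example.

```python
import ipaddress

# Assumption: headers a deployment treats as proxy-supplied client identity.
# X-Client-IP is the one named in the advisory; the others are common companions.
PROXY_HEADERS = ("HTTP_X_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP")


class StripUntrustedProxyHeaders:
    """WSGI middleware: drop proxy identity headers unless the peer is trusted."""

    def __init__(self, app, trusted_proxies):
        self.app = app
        self.trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: fail closed
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        if not self._peer_is_trusted(environ):
            for key in PROXY_HEADERS:
                environ.pop(key, None)
        return self.app(environ, start_response)


def echo_app(environ, start_response):
    """Constructed test app: reports the X-Client-IP value it received."""
    body = environ.get("HTTP_X_CLIENT_IP", "absent").encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def simulate(remote_addr, headers, trusted=("10.0.0.0/8",)):
    """Run one constructed request through the middleware; return the body."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
               "REMOTE_ADDR": remote_addr}
    environ.update(headers)
    app = StripUntrustedProxyHeaders(echo_app, trusted)
    return b"".join(app(environ, lambda status, hdrs: None)).decode()


if __name__ == "__main__":
    print(simulate("203.0.113.7", {"HTTP_X_CLIENT_IP": "127.0.0.1"}))
    print(simulate("10.1.2.3", {"HTTP_X_CLIENT_IP": "198.51.100.9"}))
```

The same echo application, served without the middleware, gives a quick check of whether a header sent by an untrusted peer still reaches the WSGI application.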
MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Followed procedure given above, noting that none of the wsgi folders existed yet on the system, created the folders and files, restarted httpd and got in the browser:
"Server error! The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script. If you think this is a server error, please contact the webmaster. Error 500"
I'm stuck here.
CC: (none) => herman.viaene
Got nowhere in my attempts to figure out how to test it. Given that the package is only required by koji-hub, koschei-frontend, and pagure-web-apache-httpd which are all development oriented packages, validating on clean install over the prior version.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0289.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED