Packages
- maas - Ubuntu MAAS Server
Details
USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed
an issue in the MAAS package, causing a regression. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application
could possibly use this issue to cause a local privilege escalation when
using daemon mode.
USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed
an issue in the MAAS package, causing a regression. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application
could possibly use this issue to cause a local privilege escalation when
using daemon mode.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
14.10 utopic | maas-region-controller-min – 1.7.0~beta8+bzr3272-0ubuntu1.2 | ||
14.04 trusty | maas-region-controller-min – 1.5.4+bzr2294-0ubuntu1.2 | ||
12.04 precise | maas-region-controller – 1.2+bzr1373+dfsg-0ubuntu1~12.04.6 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.