USN-2431-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-2431-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-2431-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2431-2
Published
2014-12-04T20:25:09.520145Z
Modified
2014-12-04T20:25:09.520145Z
Summary
maas regression
Details

USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

References

Affected packages

Ubuntu:14.04:LTS / maas

Package

Name
maas

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4+bzr2294-0ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "maas-dhcp": "1.5.4+bzr2294-0ubuntu1.2",
            "maas-region-controller-min": "1.5.4+bzr2294-0ubuntu1.2",
            "python-maas-client": "1.5.4+bzr2294-0ubuntu1.2",
            "maas": "1.5.4+bzr2294-0ubuntu1.2",
            "maas-cluster-controller": "1.5.4+bzr2294-0ubuntu1.2",
            "maas-dns": "1.5.4+bzr2294-0ubuntu1.2",
            "maas-region-controller": "1.5.4+bzr2294-0ubuntu1.2",
            "maas-common": "1.5.4+bzr2294-0ubuntu1.2",
            "maas-cli": "1.5.4+bzr2294-0ubuntu1.2",
            "python-django-maas": "1.5.4+bzr2294-0ubuntu1.2",
            "python-maas-provisioningserver": "1.5.4+bzr2294-0ubuntu1.2"
        }
    ]
}