CVE-2017-14483

Name of the Vulnerable Software and Affected Versions Gentoo dev-python/flower package versions prior to 0.9.1-r1

Description The issue allows local users to potentially kill arbitrary processes by modifying the PID file, which has its ownership set to a non-root account. This could be exploited before a root script executes a command to kill a process based on the PID file content.

Recommendations For Gentoo dev-python/flower package versions prior to 0.9.1-r1, update to version 0.9.1-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PID file to prevent unauthorized modifications until the update can be applied.