4 matches found
SUSE-SU-2018:0309-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes the following issues: Security issue fixed: - CVE-2017-1000384: Introduces a new check that logs a vulnerability warning if Passenger is run with root permissions while the directory permissions of parts of its root dir allow modifications by non-root users...
SUSE-SU-2018:0262-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes several issues. These security issues were fixed: - CVE-2017-16355: When Passenger was running as root it was possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choi...
CVE-2017-1000384
...
CVE-2017-1000384
CVE-2017-1000384 is a reservation duplicate of CVE-2017-16355. The connected sources describe a vulnerability in Phusion Passenger (notably the agent/Core/SpawningKit/Spawner.h path) that allows an arbitrary file read by a local user through symlinking the REVISION file to a target file and query...