11 matches found
Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5261-1 advisory. It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to rea...
SUSE CVE-2017-16355
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...
SUSE CVE-2017-1000384
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16355. Reason: This candidate is a reservation duplicate of CVE-2017-16355. Notes: All CVE users should reference CVE-2017-16355 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Ubuntu: Security Advisory (USN-5261-1)
The remote host is missing an update for the...
[SECURITY] [DSA 4415-1] passenger security update
Debian Security Advisory DSA-4415-1, https://www.debian.org/security/, Salvatore Bonaccorso, March 24, 2019, https://www.debian.org/security/faq ...
[SECURITY] [DSA 4415-1] passenger security update
Debian Security Advisory DSA-4415-1, https://www.debian.org/security/, Salvatore Bonaccorso, March 24, 2019, https://www.debian.org/security/faq ...
SUSE-SU-2018:0262-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes several issues. These security issues were fixed: - CVE-2017-16355: When Passenger was running as root it was possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choi...
CVE-2017-16355
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...
CVE-2017-1000384
CVE-2017-1000384 is a reservation duplicate of CVE-2017-16355. The connected sources describe a vulnerability in Phusion Passenger (notably the agent/Core/SpawningKit/Spawner.h path) that allows an arbitrary file read by a local user through symlinking the REVISION file to a target file and query...
CVE-2017-16355
CVE-2017-16355 affects Phusion Passenger 5.1.10 (fixed in Open Source 5.1.11 and Enterprise 5.1.10). When Passenger runs as root, an attacker can read arbitrary files by symlinking the REVISION file from the application root to a target file and querying passenger-status --show=xml, enabling a lo...
rubygem-passenger -- arbitrary file read vulnerability
Phusion reports: The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue...