RHCOS 1 : rubygem-passenger (RHSA-2013:1136)

The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1136 advisory. - rubygem-passenger: incorrect temporary file usage CVE-2013-2119 - rubygem-passenger: insecure temporary directory usage due to reu...

RHSA-2013:1136 Red Hat Security Advisory: rubygem-passenger security update

Bulletin has no description...

OPENSUSE-SU-2024:11341-1 ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media

These are all security issues fixed in the ruby2.7-rubygem-passenger-6.0.8-3.2 package on the GA media of openSUSE Tumbleweed...

Mageia: Security Advisory (MGASA-2013-0205)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2013-0253)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:2337-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:0262-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : rubygem-passenger (RHSA-2013:1136)

Updated rubygem-passenger packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

SUSE-SU-2018:2039-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module bsc1097663...

SUSE-SU-2018:0309-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: Security issue fixed: - CVE-2017-1000384: Introduces a new check that logs a vulnerability warning if Passenger is run with root permissions while the directory permissions of parts of its root dir allow modifications by non-root users...

SUSE-SU-2018:0262-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes several issues. These security issues were fixed: - CVE-2017-16355: When Passenger was running as root it was possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choi...

FreeBSD : rubygem-passenger -- arbitrary file read vulnerability (8cf25a29-e063-11e7-9b2c-001e672571bc)

Phusion reports : The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks ...

SUSE-SU-2017:1316-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes this security issue: - CVE-2016-10345: A known /tmp filename was used during passenger-install-nginx-module execution, which could have allowed local attackers to gain the privileges of the passenger user bsc1034594...

SUSE-SU-2016:0042-1 Security update for rubygem-passenger

This update fixes the following security issues: - CVE-2015-7519: Passenger is not filtering environment like apache is doing bnc956281 - CVE-2013-4136: Fixed security issue Passenger would reuse existing server instance directories temporary directories which could cause Passenger to remove or...

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...

Fedora 20 : rubygem-passenger-4.0.53-3.fc20 (2015-1151)

build for f20 1058993 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Fedora Update for rubygem-passenger FEDORA-2015-1151

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2013-0253 Updated rubygem-passenger package fixes CVE-2013-4136 & apache module

Updated rubygem-passenger package fixes security vulnerability: It was reported that Phusion Passenger would reuse existing server instance directories temporary directories which could cause Passenger to remove or overwrite files belonging to other instances CVE-2013-4136. Additionally, the...

Updated rubygem-passenger package fixes CVE-2013-4136 & apache module

Updated rubygem-passenger package fixes security vulnerability: It was reported that Phusion Passenger would reuse existing server instance directories temporary directories which could cause Passenger to remove or overwrite files belonging to other instances CVE-2013-4136. Additionally, the...