Lucene search
UbuntuUSN-5261-1HistoryFeb 01, 2022 - 12:00 a.m.
Phusion Passenger vulnerabilities
2022-02-0100:00:00
ubuntu.com
76
Releases
- Ubuntu 16.04 ESM
Packages
- passenger - Rails and Rack support
Details
It was discovered that Phusion Passenger incorrectly handled a file path in
the application root folder. An attacker could possibly use this issue to
read arbitrary files. (CVE-2017-16355)
It was discovered that Phusion Passenger had a race condition in the nginx
module that could be used to perform a symlink attack. An attacker could
possibly use this issue to escalate privileges. (CVE-2018-12029)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 16.04 | noarch | passenger | <Â 5.0.27-2ubuntu0.1~esm1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libapache2-mod-passenger | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libapache2-mod-passenger-dbgsym | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | passenger | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | passenger-dbgsym | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | passenger-doc | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | ruby-passenger | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | ruby-passenger-doc | <Â 5.0.27-2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libapache2-mod-passenger | <Â 5.0.27-2ubuntu0.1~esm1 | UNKNOWN |
Related
osv
osv
passenger vulnerabilities
2022-02-01 17:55:14
Phusion Passenger Race Condition Allows Privilege Escalation
2022-05-14 01:27:14
Phusion Passenger information disclosure
2022-05-13 01:30:59
openvas
openvas
Ubuntu: Security Advisory (USN-5261-1)
2023-01-27 00:00:00
Debian: Security Advisory (DSA-4415-1)
2019-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2039-1)
2021-06-09 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)
2023-10-20 00:00:00
FreeBSD : rubygem-passenger -- arbitrary file read vulnerability (8cf25a29-e063-11e7-9b2c-001e672571bc)
2017-12-19 00:00:00
Debian DSA-4415-1 : passenger - security update
2019-03-25 00:00:00
prion
prion
Race condition
2018-06-17 20:29:00
Design/Logic Flaw
2017-12-14 22:29:00
github
github
Phusion Passenger Race Condition Allows Privilege Escalation
2022-05-14 01:27:14
Phusion Passenger information disclosure
2022-05-13 01:30:59
cve
cve
CVE-2017-16355
2017-12-14 22:29:00
CVE-2018-12029
2018-06-17 20:29:00
CVE-2017-1000384
2017-12-15 10:29:00
veracode
veracode
Arbitrary File List Read
2017-11-20 02:23:04
Privilege Escalation
2018-06-25 09:19:00
cvelist
cvelist
CVE-2017-16355
2017-12-14 22:00:00
CVE-2018-12029
2018-06-17 20:00:00
debian
debian
[SECURITY] [DSA 4415-1] passenger security update
2019-03-24 11:02:30
[SECURITY] [DSA 4415-1] passenger security update
2019-03-24 11:02:48
[SECURITY] [DLA 1399-1] ruby-passenger security update
2018-06-27 19:40:44
redhatcve
redhatcve
CVE-2017-16355
2017-12-20 02:49:53
CVE-2018-12029
2018-06-19 00:49:33
ubuntucve
ubuntucve
CVE-2018-12029
2018-06-17 00:00:00
CVE-2017-16355
2017-12-14 00:00:00
debiancve
debiancve
CVE-2017-16355
2017-12-14 22:29:00
CVE-2018-12029
2018-06-17 20:29:00
freebsd
freebsd
rubygem-passenger -- arbitrary file read vulnerability
2017-10-13 00:00:00
gentoo
gentoo
Passenger: Multiple Vulnerabilities
2018-07-22 00:00:00