Parent Directory | Revision Log
Adding sec advisory for rubygem-passenger mga#10497
1 | type: security |
2 | subject: Updated rubygem-passenger package fixes CVE-2013-2119 |
3 | CVE: |
4 | - CVE-2013-2119 |
5 | src: |
6 | 3: |
7 | core: |
8 | - rubygem-passenger-3.0.21-2.mga3 |
9 | description: | |
10 | Phusion Passenger’s code did not always create temporary files and directories |
11 | in a secure manner. Temporary files and directories were sometimes created |
12 | with a predictable filename. A local attacker can pre-create temporary files, |
13 | resulting in a denial of service. In addition, this vulnerability allows a |
14 | local attacker to run arbitrary code as another user, by hijacking temporary |
15 | files (CVE-2013-2119). |
16 | |
17 | The rubygem-passenger package has been upgraded to version 3.0.21, which fixes |
18 | this issue, as well as many others although at the moment has some issues |
19 | which will be fixed with a further update (mga#10728). |
20 | references: |
21 | - http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ |
22 | - http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ |
23 | - https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108443.html |
24 | - https://bugs.mageia.org/show_bug.cgi?id=10497 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |