Parent Directory
| 
Revision Log
Add link for 2nd bug to sec advisory for rubygem-passenger mga#10497
| 1 | claire | 157 | type: security |
| 2 | subject: Updated rubygem-passenger package fixes CVE-2013-2119 | ||
| 3 | CVE: | ||
| 4 | - CVE-2013-2119 | ||
| 5 | src: | ||
| 6 | 3: | ||
| 7 | core: | ||
| 8 | - rubygem-passenger-3.0.21-2.mga3 | ||
| 9 | description: | | ||
| 10 | Phusion Passenger’s code did not always create temporary files and directories | ||
| 11 | in a secure manner. Temporary files and directories were sometimes created | ||
| 12 | with a predictable filename. A local attacker can pre-create temporary files, | ||
| 13 | resulting in a denial of service. In addition, this vulnerability allows a | ||
| 14 | local attacker to run arbitrary code as another user, by hijacking temporary | ||
| 15 | files (CVE-2013-2119). | ||
| 16 | |||
| 17 | The rubygem-passenger package has been upgraded to version 3.0.21, which fixes | ||
| 18 | claire | 158 | this issue, as well as many others although at the moment has further issues |
| 19 | which will be fixed with another update (mga#10728). | ||
| 20 | claire | 157 | references: |
| 21 | - http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | ||
| 22 | - http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | ||
| 23 | - https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108443.html | ||
| 24 | claire | 158 | - https://bugs.mageia.org/show_bug.cgi?id=10728 |
| 25 | claire | 157 | - https://bugs.mageia.org/show_bug.cgi?id=10497 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |