/[advisories]/10497.adv
ViewVC logotype

Contents of /10497.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 157 - (show annotations) (download)
Sun Jul 7 12:34:59 2013 UTC (7 years, 3 months ago) by claire
File size: 1098 byte(s)
Adding sec advisory for rubygem-passenger mga#10497
1 type: security
2 subject: Updated rubygem-passenger package fixes CVE-2013-2119
3 CVE:
4 - CVE-2013-2119
5 src:
6 3:
7 core:
8 - rubygem-passenger-3.0.21-2.mga3
9 description: |
10 Phusion Passenger’s code did not always create temporary files and directories
11 in a secure manner. Temporary files and directories were sometimes created
12 with a predictable filename. A local attacker can pre-create temporary files,
13 resulting in a denial of service. In addition, this vulnerability allows a
14 local attacker to run arbitrary code as another user, by hijacking temporary
15 files (CVE-2013-2119).
16
17 The rubygem-passenger package has been upgraded to version 3.0.21, which fixes
18 this issue, as well as many others although at the moment has some issues
19 which will be fixed with a further update (mga#10728).
20 references:
21 - http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
22 - http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
23 - https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108443.html
24 - https://bugs.mageia.org/show_bug.cgi?id=10497

  ViewVC Help
Powered by ViewVC 1.1.28