/[advisories]/10497.adv
ViewVC logotype

Annotation of /10497.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 167 - (hide annotations) (download)
Tue Jul 9 18:26:08 2013 UTC (7 years, 3 months ago) by tmb
File size: 1165 byte(s)
fix text in MGASA-2013-0205
1 claire 157 type: security
2     subject: Updated rubygem-passenger package fixes CVE-2013-2119
3     CVE:
4     - CVE-2013-2119
5     src:
6     3:
7     core:
8     - rubygem-passenger-3.0.21-2.mga3
9     description: |
10 tmb 167 Phusion Passengers code did not always create temporary files and directories
11 claire 157 in a secure manner. Temporary files and directories were sometimes created
12     with a predictable filename. A local attacker can pre-create temporary files,
13     resulting in a denial of service. In addition, this vulnerability allows a
14     local attacker to run arbitrary code as another user, by hijacking temporary
15     files (CVE-2013-2119).
16    
17     The rubygem-passenger package has been upgraded to version 3.0.21, which fixes
18 claire 158 this issue, as well as many others although at the moment has further issues
19     which will be fixed with another update (mga#10728).
20 claire 157 references:
21     - http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
22     - http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
23     - https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108443.html
24 claire 158 - https://bugs.mageia.org/show_bug.cgi?id=10728
25 claire 157 - https://bugs.mageia.org/show_bug.cgi?id=10497
26 tmb 165 ID: MGASA-2013-0205

  ViewVC Help
Powered by ViewVC 1.1.28