Security update for rubygem-passenger
Announcement ID: | SUSE-SU-2016:0042-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
This update fixes the following security issues:
-
CVE-2015-7519: Passenger is not filtering environment like apache is doing (bnc#956281)
-
CVE-2013-4136: Fixed security issue Passenger would reuse existing server instance directories (temporary directories) which could cause Passenger to remove or overwrite files belonging to other instances. Solution: If the server instance directory already exists, it will now be removed first in order get correct directory permissions. If the directory still exists after removal, Phusion Passenger aborts to avoid writing to a directory with unexpected permissions.(bnc#919726)
-
CVE-2013-2119: Fixed security issue related with incorrect temporary file usage (bnc#828005)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Studio Onsite 1.3
zypper in -t patch slestso13-rubygem-passenger-12303=1
-
WebYaST for SLE-11 1.3
zypper in -t patch slewyst13-rubygem-passenger-12303=1
-
SLES for SAP Applications 11-SP4
zypper in -t patch slewyst13-rubygem-passenger-12303=1
Package List:
-
SUSE Studio Onsite 1.3 (x86_64)
- rubygem-passenger-3.0.14-0.14.1
- rubygem-passenger-nginx-3.0.14-0.14.1
-
WebYaST for SLE-11 1.3 (s390x x86_64 i586 ppc64 ia64)
- rubygem-passenger-3.0.14-0.14.1
- rubygem-passenger-nginx-3.0.14-0.14.1
-
SLES for SAP Applications 11-SP4 (ppc64 x86_64)
- rubygem-passenger-3.0.14-0.14.1
- rubygem-passenger-nginx-3.0.14-0.14.1
References:
- https://www.suse.com/security/cve/CVE-2013-2119.html
- https://www.suse.com/security/cve/CVE-2013-4136.html
- https://www.suse.com/security/cve/CVE-2015-7519.html
- https://bugzilla.suse.com/show_bug.cgi?id=828005
- https://bugzilla.suse.com/show_bug.cgi?id=919726
- https://bugzilla.suse.com/show_bug.cgi?id=956281