SUSE-SU-2016:0042-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20160042-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0042-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:0042-1
Published
2016-01-07T09:33:34Z
Modified
2016-01-07T09:33:34Z
Summary
Security update for rubygem-passenger
Details

This update fixes the following security issues:

  • CVE-2015-7519: Passenger does not filter the environment the way Apache does (bnc#956281)

  • CVE-2013-4136: Fixed a security issue where Passenger would reuse existing server instance directories (temporary directories), which could cause Passenger to remove or overwrite files belonging to other instances. Solution: If the server instance directory already exists, it is now removed first in order to get correct directory permissions. If the directory still exists after removal, Phusion Passenger aborts to avoid writing to a directory with unexpected permissions. (bnc#919726)

  • CVE-2013-2119: Fixed a security issue related to incorrect temporary file usage (bnc#828005)

Affected packages

SUSE:Lifecycle Management Server 1.3 / rubygem-passenger

Package

Name
rubygem-passenger
Purl
purl:rpm/suse/rubygem-passenger&distro=SUSE%20Lifecycle%20Management%20Server%201.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.14-0.14.1

Ecosystem specific

{
    "binaries": [
        {
            "rubygem-passenger": "3.0.14-0.14.1",
            "rubygem-passenger-apache2": "3.0.14-0.14.1",
            "rubygem-passenger-nginx": "3.0.14-0.14.1"
        }
    ]
}

SUSE:Studio Onsite 1.3 / rubygem-passenger

Package

Name
rubygem-passenger
Purl
purl:rpm/suse/rubygem-passenger&distro=SUSE%20Studio%20Onsite%201.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.14-0.14.1

Ecosystem specific

{
    "binaries": [
        {
            "rubygem-passenger": "3.0.14-0.14.1",
            "rubygem-passenger-nginx": "3.0.14-0.14.1"
        }
    ]
}

SUSE:WebYast 1.3 / rubygem-passenger

Package

Name
rubygem-passenger
Purl
purl:rpm/suse/rubygem-passenger&distro=SUSE%20WebYast%201.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.14-0.14.1

Ecosystem specific

{
    "binaries": [
        {
            "rubygem-passenger": "3.0.14-0.14.1",
            "rubygem-passenger-nginx": "3.0.14-0.14.1"
        }
    ]
}