GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Jul 22, 2018 9:26 pm Post subject: [ GLSA 201807-02 ] Passenger |
|
|
Gentoo Linux Security Advisory
Title: Passenger: Multiple Vulnerabilities (GLSA 201807-02)
Severity: normal
Exploitable: remote
Date: 2018-07-22
Bug(s): #658346
ID: 201807-02
Synopsis
Multiple vulnerabilities have been found in Passenger, the worst of
which could result in the execution of arbitrary code.
Background
Passenger runs and manages your Ruby, Node.js, and Python apps.
Affected Packages
Package: www-apache/passenger
Vulnerable: < 5.3.2
Unaffected: >= 5.3.2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Passenger. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker could escalate privileges, execute arbitrary code,
cause a Denial of Service condition, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Passenger users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/passenger-5.3.2"
|
References
CVE-2018-12026
CVE-2018-12027
CVE-2018-12028
CVE-2018-12029 |
|