All errata/sisyphus/ALT-PU-2016-3266-1
ALT-PU-2016-3266-1

Package update passenger in branch sisyphus

Version4.0.60-alt1
Task#167096
Published2016-07-18
Max severityLOW
Severity:

Closed issues (4)

CVE-2014-1831
LOW2.1

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

Published: 2015-02-19Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:N
References
CVE-2014-1832
LOW2.1

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.

Published: 2015-02-19Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:N
References
GHSA-c7j7-p5jq-26ff
NONE

Insecure use of temporary files in passenger

Published: 2018-10-10Modified: 2023-07-05
References
GHSA-qw8w-2xcp-xg59
NONE

Insecure use of temporary files in Phusion passenger

Published: 2018-10-10Modified: 2023-07-04
References