SUSE-SU-2018:0262-1: moderate: Security update for rubygem-passenger

sle-updates at sle-updates at
Mon Jan 29 10:08:22 MST 2018

   SUSE Security Update: Security update for rubygem-passenger

Announcement ID:    SUSE-SU-2018:0262-1
Rating:             moderate
References:         #1068874 #1073255 
Cross-References:   CVE-2017-1000384 CVE-2017-16355
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12

   An update that fixes two vulnerabilities is now available.


   This update for rubygem-passenger fixes several issues.

   These security issues were fixed:

   - CVE-2017-16355: When Passenger was running as root it was possible to
     list the contents of arbitrary files on a system by symlinking a file
     named REVISION from the application root folder to a file of choice and
     querying passenger-status --show=xml (bsc#1073255).
   - CVE-2017-1000384: Introduces a new check that logs a vulnerability
     warning if Passenger is run with root permissions while the directory
     permissions of (parts of) its root dir allow modifications by non-root
     users (bsc#1068874).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2018-182=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):



More information about the sle-updates mailing list