Bug 1445306 - (CVE-2016-10345) CVE-2016-10345 passenger: File overwrite vulnerability in passenger-install-nginx-module
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20161109,repor...
Keywords: Security
Depends On: 1445307 1445308 1469883 1469884 1469886 1469887 1469892
Blocks: 1445310
Reported: 2017-04-25 09:11 EDT by Andrej Nemec
Modified: 2018-06-29 18:20 EDT
Fixed In Version: rubygem-passenger 5.1.1
Description Andrej Nemec 2017-04-25 09:11:42 EDT
A file overwrite vulnerability was found in passenger caused by a predictable temporary file being written by passenger-install-nginx-module. With access to the system, a user could plant a symlink in /tmp that resulted in a chosen-file overwrite attempt whenever passenger-install-nginx-module was run, using the access rights of the executing user, potentially even with chosen content.

Upstream patch:

https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441

External References:

https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
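
The class of bug described above, shown as an added Ruby example (not part of the original report and not the upstream patch): a write to a predictable name in a shared directory follows a pre-planted symlink, while exclusive creation or a private temporary directory does not. The file names and the sandbox directory that stands in for /tmp are constructed for illustration.

```ruby
require 'tmpdir'

# Hypothetical fixed name, standing in for any guessable temp-file name.
FIXED_NAME = "installer-check.txt"

# Unsafe pattern: mode "w" follows an existing symlink and truncates its target.
def write_predictable(dir, data)
  File.open(File.join(dir, FIXED_NAME), "w") { |f| f.write(data) }
end

# Hardened: O_EXCL refuses any pre-existing entry, including a symlink;
# O_NOFOLLOW is defence in depth; 0600 keeps other local users out.
def write_exclusive(dir, data)
  path = File.join(dir, FIXED_NAME)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o600) { |f| f.write(data) }
  path
rescue Errno::EEXIST, Errno::ELOOP
  nil # something was already planted at that name: do not write
end

# Preferred: a randomly named directory created atomically with mode 0700,
# so no other user can place anything inside it beforehand.
def write_in_private_dir(data)
  Dir.mktmpdir("installer-") do |private_dir|
    path = File.join(private_dir, "check.txt")
    File.write(path, data)
    File.read(path)
  end
end

# Runs both patterns inside a throwaway sandbox directory (never the real /tmp).
def demo
  Dir.mktmpdir("sandbox-") do |shared|
    victim = File.join(shared, "victim.conf")   # constructed target file
    File.write(victim, "original")
    File.symlink(victim, File.join(shared, FIXED_NAME))

    safe_result = write_exclusive(shared, "installer data")
    after_safe = File.read(victim)
    write_predictable(shared, "installer data")
    after_unsafe = File.read(victim)
    { safe_result: safe_result, after_safe: after_safe, after_unsafe: after_unsafe }
  end
end

p demo if __FILE__ == $0
```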
Comment 1 Andrej Nemec 2017-04-25 09:12:40 EDT
Created passenger tracking bugs for this issue:

Affects: epel-7 [bug 1445307]
Affects: fedora-all [bug 1445308]
Comment 2 Tomas Hoger 2017-04-27 14:23:50 EDT
This issue does not affect passenger packages in RHSCL, Fedora, and EPEL, as they do not include the affected passenger-install-nginx-module script. The script is removed during the package build, see e.g.:

http://pkgs.fedoraproject.org/cgit/rpms/passenger.git/tree/passenger.spec?h=f25&id=74773b8f#n223
Comment 3 Kurt Seifried 2017-07-11 23:36:27 EDT
Created ruby193-rubygem-passenger tracking bugs for this issue:

Affects: openshift-1 [bug 1469883]
Comment 4 Kurt Seifried 2017-07-11 23:37:06 EDT
Created rubygem-passenger tracking bugs for this issue:

Affects: openshift-1 [bug 1469884]
