Advisories » MGASA-2013-0253

Updated rubygem-passenger package fixes CVE-2013-4136 & apache module

Publication date: 22 Aug 2013
Modification date: 22 Aug 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4146

Description

Updated rubygem-passenger package fixes security vulnerability:

It was reported that Phusion Passenger would reuse existing server instance
directories (temporary directories) which could cause Passenger to remove or
overwrite files belonging to other instances (CVE-2013-4136).

Additionally, the package has been fixed so that the Apache module should load.
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112716.html
• https://bugs.mageia.org/show_bug.cgi?id=10890
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4146

SRPMS

3/core

• rubygem-passenger-3.0.21-2.2.mga3