Security update for rubygem-passenger SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2039-1 Final 1 1 2018-07-23T08:43:57Z current 2018-07-23T08:43:57Z 2018-07-23T08:43:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-passenger This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module (bsc#1097663). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Containers-12-2018-1373 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182039-1/ Link for SUSE-SU-2018:2039-1 https://lists.suse.com/pipermail/sle-security-updates/2018-July/004296.html E-Mail link for SUSE-SU-2018:2039-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1097663 SUSE Bug 1097663 https://www.suse.com/security/cve/CVE-2018-12029/ SUSE CVE CVE-2018-12029 page SUSE Linux Enterprise Module for Containers 12 ruby2.1-rubygem-passenger-5.0.18-12.9.1 rubygem-passenger-5.0.18-12.9.1 rubygem-passenger-apache2-5.0.18-12.9.1 ruby2.1-rubygem-passenger-5.0.18-12.9.1 as a component of SUSE Linux Enterprise Module for Containers 12 rubygem-passenger-5.0.18-12.9.1 as a component of SUSE Linux Enterprise Module for Containers 12 rubygem-passenger-apache2-5.0.18-12.9.1 as a component of SUSE Linux Enterprise Module for Containers 12 A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. CVE-2018-12029 SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-passenger-5.0.18-12.9.1 SUSE Linux Enterprise Module for Containers 12:rubygem-passenger-5.0.18-12.9.1 SUSE Linux Enterprise Module for Containers 12:rubygem-passenger-apache2-5.0.18-12.9.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182039-1/ https://www.suse.com/security/cve/CVE-2018-12029.html CVE-2018-12029 https://bugzilla.suse.com/1097655 SUSE Bug 1097655 https://bugzilla.suse.com/1097663 SUSE Bug 1097663 https://bugzilla.suse.com/1097664 SUSE Bug 1097664