Your message dated Sun, 16 Mar 2014 18:47:10 +0000
with message-id <[email protected]>
and subject line Bug#736958: fixed in ruby-passenger 3.0.13debian-1+deb7u2
has caused the Debian Bug report #736958,
regarding ruby-passenger: CVE-2014-1831: insecure use of /tmp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
736958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-passenger
Version: 4.0.35-1
Severity: important
Tags: security

Upstream has just committed a fix for a security vulnerability:
https://github.com/phusion/passenger/commit/34b1087870c2

Quoting the NEWS file:

Urgency: low
Scope: local exploit
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.5 and later
Fixed versions: 4.0.37

Description:
Phusion Passenger creates a "server instance directory" in /tmp during startup, which is a temporary directory that Phusion Passenger uses to store working files. This directory is deleted after Phusion Passenger exits. For various technical reasons, this directory must have a semi-predictable filename. If a local attacker can predict this filename, and precreates a symlink with the same filename that points to an arbitrary directory with mode 755, owner root and group root, then the attacker will succeed in making Phusion Passenger write files and create subdirectories inside that target directory. The following files/subdirectories are created:

* control_process.pid
* generation-X, where X is a number.

If you happen to have a file inside the target directory called `control_process.pid`, then that file's contents are overwritten.

These files and directories are deleted during Phusion Passenger exit. The target directory itself is not deleted, nor are any other contents inside the target directory, although the symlink is.

--
Jakub Wilk

--- End Message ---
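As an added example (not code from this report, from Phusion Passenger, or from the Debian package), the pattern the NEWS text describes, in Ruby: a server-instance directory with a semi-predictable name is created under a shared base, a local attacker has pre-planted a symlink of that name pointing at a directory they want written into, and the process writes control_process.pid through the link. The hardened variant is one common mitigation, assumed here rather than copied from the upstream commit: treat EEXIST as suspicious, lstat the path, refuse symlinks and anything not owned by the current user, and open the files inside with O_NOFOLLOW. The sandbox, the name passenger.1, the "victim" directory and the function names are constructed for the demo and stand in for /tmp and the root-owned 0755 target of the advisory.

```ruby
require "tmpdir"

# Constructed illustration of the CVE-2014-1831 pattern (not Passenger's code).
# A "server instance directory" with a semi-predictable name under a shared
# base such as /tmp; the attacker precreates a symlink of that name pointing
# at a directory they want written into.

class InsecureTempDir < StandardError; end

PID_FILE = "control_process.pid"

# Vulnerable pattern: if the path already exists, silently reuse it.
# A pre-planted symlink therefore redirects every write into its target.
def create_instance_dir_insecure(base, name)
  dir = File.join(base, name)
  begin
    Dir.mkdir(dir, 0700)
  rescue Errno::EEXIST
    # "already there, fine" -- the bug: nobody checks what "there" is
  end
  File.write(File.join(dir, PID_FILE), Process.pid.to_s) # follows the symlink
  dir
end

# Hardened pattern (one common approach, assumed here rather than taken from
# the upstream patch): if mkdir says the path exists, inspect it with lstat
# (which does not follow symlinks) and refuse anything we did not create
# ourselves; open files inside with O_NOFOLLOW so a link planted later between
# check and use is rejected as well.
def create_instance_dir_secure(base, name)
  dir = File.join(base, name)
  begin
    Dir.mkdir(dir, 0700)
  rescue Errno::EEXIST
    st = File.lstat(dir)
    raise InsecureTempDir, "#{dir} is a symlink" if st.symlink?
    raise InsecureTempDir, "#{dir} is not a directory" unless st.directory?
    unless st.uid == Process.euid
      raise InsecureTempDir, "#{dir} owned by uid #{st.uid}, not #{Process.euid}"
    end
    raise InsecureTempDir, "#{dir} is group/world writable" unless (st.mode & 0022).zero?
  end
  flags = File::WRONLY | File::CREAT | File::TRUNC | File::NOFOLLOW
  File.open(File.join(dir, PID_FILE), flags, 0600) { |f| f.write(Process.pid.to_s) }
  dir
end

# Stage the attack inside a throwaway sandbox instead of the real /tmp.
# "victim" plays the target directory from the advisory. Returns whether the
# creator refused the directory and whether the pid file landed in the target.
def simulate_attack(creator)
  Dir.mktmpdir("cve-2014-1831-demo") do |sandbox|
    base   = File.join(sandbox, "tmp")    # stands in for /tmp
    target = File.join(sandbox, "victim") # where the attacker wants writes to go
    Dir.mkdir(base)
    Dir.mkdir(target, 0755)
    File.symlink(target, File.join(base, "passenger.1")) # attacker's pre-planted link

    result = { raised: false, error: nil }
    begin
      creator.call(base, "passenger.1")
    rescue InsecureTempDir => e
      result[:raised] = true
      result[:error]  = e.message
    end
    result[:pid_in_target] = File.exist?(File.join(target, PID_FILE))
    result
  end
end

if __FILE__ == $PROGRAM_NAME
  p simulate_attack(method(:create_instance_dir_insecure)) # pid_in_target: true
  p simulate_attack(method(:create_instance_dir_secure))   # raised: true, pid_in_target: false
end
```

The lstat check alone still leaves a window between check and use, which is why the file open also passes O_NOFOLLOW; where the name does not have to be predictable at all, an unpredictable one from Dir.mktmpdir removes the problem instead of detecting it.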
--- Begin Message ---
Source: ruby-passenger
Source-Version: 3.0.13debian-1+deb7u2

We believe that the bug you reported is fixed in the latest version of
ruby-passenger, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated ruby-passenger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 08 Mar 2014 19:42:03 +0100
Source: ruby-passenger
Binary: ruby-passenger libapache2-mod-passenger ruby-passenger-doc
Architecture: source amd64 all
Version: 3.0.13debian-1+deb7u2
Distribution: wheezy
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Felix Geyer <[email protected]>
Description: 
 libapache2-mod-passenger - Rails and Rack support for Apache2
 ruby-passenger - Rails and Rack support for Apache2 and Nginx
 ruby-passenger-doc - Rails and Rack support for Apache2 - Documentation
Closes: 736958
Changes: 
 ruby-passenger (3.0.13debian-1+deb7u2) wheezy; urgency=medium
 .
   * Fix CVE-2014-1831 and CVE-2014-1832: insecure use of /tmp.
     (Closes: #736958)
     - Backport upstream commits in CVE-2014-1831.patch and CVE-2014-1832.patch
Checksums-Sha1:
 02940bbb7453de81410789d9c7095c55a5227433 2508 ruby-passenger_3.0.13debian-1+deb7u2.dsc
 6a070aa0ba9dd8bc2f0edb80e1f90273b61549b9 17618 ruby-passenger_3.0.13debian-1+deb7u2.debian.tar.gz
 c7c82425a56e27a32a530a80cfa1d0f996ff896a 1583084 ruby-passenger_3.0.13debian-1+deb7u2_amd64.deb
 8fa305048b66c52ac25bfd3fefca662070cc2659 246948 libapache2-mod-passenger_3.0.13debian-1+deb7u2_amd64.deb
 0a006a16e9e8f7d96b7454ef99a704316db420f3 411330 ruby-passenger-doc_3.0.13debian-1+deb7u2_all.deb
Checksums-Sha256:
 d8d8926a2aee78b5e8ebd73bce9b150efe29cadb1a6d54b43ac2a3dfc947a65d 2508 ruby-passenger_3.0.13debian-1+deb7u2.dsc
 74426f66efee39d24004b914cbb7deb317077de1eca457f34bcc909574e9f311 17618 ruby-passenger_3.0.13debian-1+deb7u2.debian.tar.gz
 cfb7a41bac753987c31d3121009c6370acb6f9f6c8fce5908bb10ce6320beabb 1583084 ruby-passenger_3.0.13debian-1+deb7u2_amd64.deb
 111abea369a4c70c0041d644e1c90a94ba7ea7dce17908b35852368e523d2177 246948 libapache2-mod-passenger_3.0.13debian-1+deb7u2_amd64.deb
 64cbd4337f6fadfc2f38320f49e5cb202a4873bea0af4a2e859a4ea0d2586b75 411330 ruby-passenger-doc_3.0.13debian-1+deb7u2_all.deb
Files:
 374dec559315f5443528fd2bcf7565c8 2508 ruby optional ruby-passenger_3.0.13debian-1+deb7u2.dsc
 e46abb1581eacf212e44aac7d83c1e07 17618 ruby optional ruby-passenger_3.0.13debian-1+deb7u2.debian.tar.gz
 7e7e695ac1ba0a8c713802e8522581c8 1583084 ruby optional ruby-passenger_3.0.13debian-1+deb7u2_amd64.deb
 9e9b1a4e587631503ee73de7ec5953f8 246948 web optional libapache2-mod-passenger_3.0.13debian-1+deb7u2_amd64.deb
 a6a767c60687369d040d152710fa53cc 411330 doc optional ruby-passenger-doc_3.0.13debian-1+deb7u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
