Debian Security Advisory(Debian安全报告) DSA-4415-1  passenger security update

Package : passenger

CVE ID : CVE-2017-16355

Debian Bug : 884463

  在web应用程序服务器passenger中发现了一个任意文件读取漏洞。允许将应用程序部署到passenger的本地用户可以利用这个缺陷,从REVISION文件创建到系统上任意文件的符号链接,并通过passenger-status显示其内容。

  这个问题在5.0.30-1+deb9u1版本中得到了修复。

  passenger的详细安全情况请参考其安全跟踪页面:https://securtracker.debian.org/tracker/passenger

-------------------------

Debian Security Advisory DSA-4415-1 passenger security update

Package        : passenger
CVE ID         : CVE-2017-16355
Debian Bug     : 884463

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.

This problem has been fixed in version 5.0.30-1+deb9u1.

For the detailed security status of passenger please refer to its security tracker page at: https://security-tracker.debian.org/tracker/passenger

Debian Security Advisory(Debian安全报告) DSA-4415-1 passenger security update的更多相关文章

  1. Debian Security Advisory(Debian安全报告) DSA-4416-1 wireshark security update

    Debian Security Advisory(Debian安全报告) DSA-4416-1 wireshark security update Package:wireshark CVE ID : ...

  2. Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update

    Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update Package:l ...

  3. Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update

    Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update Package:drupal7 CVE ID:暂无 Dr ...

  4. Debian Security Advisory(Debian安全报告) DSA-4411-1 firefox-esr security update

    Debian Security Advisory(Debian安全报告) DSA-4411-1  firefox-esr security update Package :firefox-esr CV ...

  5. Debian Security Advisory(Debian安全报告) DSA-4410-1 openjdk-8 security update

    Debian Security Advisory(Debian安全报告) DSA-4410-1 openjdk-8 security update Package :openjdk-8 CVE ID: ...

  6. Debian Security Advisory(Debian安全报告) DSA-4403-1 php7.0

    Package        : php7.0 CVE ID         : 还未申请 在广泛使用的开放源码通用脚本语言PHP中发现了多个安全问题:EXIF扩展存在多个无效内存访问的情况,并且发现 ...

  7. Debian Security Advisory(Debian安全报告) DSA-4407-1 xmltooling

    Package        : xmltooling CVE ID         : CVE-2019-9628 Ross Geerlings发现xmltools库没有正确处理关于错误(畸形)XM ...

  8. Debian Security Advisory(Debian安全报告) DSA-4406-1 waagent

    Package        : waagentCVE ID         : CVE-2019-0804 Francis McBratney发现Windows Azure Linux代理创建了具有 ...

  9. Debian Security Advisory(Debian安全报告) DSA-4404-1 chromium

    Package : chromium CVE ID : CVE-2019-5786 Clement Lecigne在chromium的文件读取器实现中发现了一个use-after-free(释放后重用 ...

随机推荐

  1. 通俗易懂的来理解Iaas,Paas,SaaS

    首先我们先来了解一下这几个单词的意思和完全的英文 Iaas:Infrastructure as a service    基础设施即服务 Paas:Platform as a service   平台 ...

  2. A1125. Chain the Ropes

    Given some segments of rope, you are supposed to chain them into one rope. Each time you may only fo ...

  3. A1107. Social Clusters

    When register on a social network, you are always asked to specify your hobbies in order to find som ...

  4. 【洛谷P2868】Sightseeing Cows

    题目大意:给定一个 N 个点,M 条边的有向图,点有点权,边有边权,求该有向图中的一个环,使得环上点权和与环上边权和之比最大. 题解:0/1 分数规划思想,每次二分一个 mid,在新图上跑 spfa, ...

  5. mfc01

    1.解决不能将参数1从“const char []”转换为“LPCTSTR” ,使用多字节字符集.

  6. redis的操作

    redis相当于是一个在内存中创建的大字典 redis的value有5大数据类型: redis的value有5大数据类型: 字符串 import redis conn = redis.Redis(ho ...

  7. TestNg 5.类分组

    类分组是可以给类去分组,几个类分成不同的组. 比如,建立3个类GroupsOnClass1,GroupsOnClass2,GroupsOnClass3.   GroupsOnClass1和Groups ...

  8. MySQL的主从分离基本配置

    1.介绍 MySQL数据库设置读写分离,可以使对数据库的写操作和读操作在不同服务器上执行,提高并发量和响应速度.现在的网站一般大点的,都采用有数据库主从分离.读写分离,既起到备份作用也可以减轻数据库的 ...

  9. JS学习笔记Day2

    一.程序的三大结构 顺序结构:从上到下,从左到右依次执行每一条语句 选择结构:根据条件判断选择要执行的语句,出口只有一个 循环结构:满足一定条件,重复执行一段代码 二.选择结构 1.三元运算符:? : ...

  10. (BFS 二叉树) leetcode 515. Find Largest Value in Each Tree Row

    You need to find the largest value in each row of a binary tree. Example: Input: 1 / \ 3 2 / \ \ 5 3 ...