其他分享
首页 > 其他分享> > Debian Security Advisory(Debian安全报告) DSA-4415-1 passenger security update

Debian Security Advisory(Debian安全报告) DSA-4415-1 passenger security update

作者:互联网

Debian Security Advisory(Debian安全报告) DSA-4415-1  passenger security update

Package : passenger

CVE ID : CVE-2017-16355

Debian Bug : 884463


  在web应用程序服务器passenger中发现了一个任意文件读取漏洞。允许将应用程序部署到passenger的本地用户可以利用这个缺陷,从REVISION文件创建到系统上任意文件的符号链接,并通过passenger-status显示其内容。

  这个问题在5.0.30-1+deb9u1版本中得到了修复。

  passenger的详细安全情况请参考其安全跟踪页面:https://securtracker.debian.org/tracker/passenger

-------------------------

Debian Security Advisory DSA-4415-1 passenger security update

Package        : passenger
CVE ID         : CVE-2017-16355
Debian Bug     : 884463

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.

This problem has been fixed in version 5.0.30-1+deb9u1.

For the detailed security status of passenger please refer to its security tracker page at: https://security-tracker.debian.org/tracker/passenger

标签:passenger,Advisory,Security,4415,tracker,security,Debian
来源: https://www.cnblogs.com/iAmSoScArEd/p/10599555.html