Date: Tue, 21 Nov 2017 17:15:56 -0600
From: John Lightsey <>
To: Tomas Hoger <>
Subject: Re: phusion passenger CVE-2017-1000384

On 11/21/17 4:11 PM, Tomas Hoger wrote:
> On Fri, 17 Nov 2017 14:58:43 -0600 John Lightsey wrote:
>> The commit for the arbitrary file read vulnerability mentioned in the
>> Gentoo bug report is actually this one:
> Is passenger-status the only way to obtain the content of the target
> file?  If so, this problem is mitigated in versions prior to 5.0.10
> where root privileges were required to get the status information.

Yes, that is accurate as far as I'm aware.
