Candidate: CVE-2018-12026
PublicDate: 2018-06-17 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12026
 https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
 https://blog.phusion.nl/passenger-5-3-2
Description:
 During the spawning of a malicious Passenger-managed application,
 SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such
 applications to replace key files or directories in the spawning
 communication directory with symlinks. This then could result in
 arbitrary reads and writes, which in turn can result in information
 disclosure and privilege escalation.
Ubuntu-Description:
Notes:
 rodrigo-zaiden> xenial, bionic, focal and impish have version 5.0.x and
  are not affected because the issue was introduced in 5.3.0, with a
  major overhaul in SpawningKit.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_passenger:
upstream_passenger: released (5.3.2)
precise/esm_passenger: DNE
trusty_passenger: DNE
trusty/esm_passenger: DNE
xenial_passenger: not-affected (code not present)
artful_passenger: ignored (reached end-of-life)
bionic_passenger: not-affected (code not present)
cosmic_passenger: ignored (reached end-of-life)
disco_passenger: ignored (reached end-of-life)
eoan_passenger: ignored (reached end-of-life)
focal_passenger: not-affected (code not present)
groovy_passenger: ignored (reached end-of-life)
hirsute_passenger: ignored (reached end-of-life)
impish_passenger: not-affected (code not present)
jammy_passenger: not-affected (6.0.10-3build1)
devel_passenger: not-affected (6.0.10-3build1)

Patches_ruby-passenger:
upstream_ruby-passenger: needs-triage
precise/esm_ruby-passenger: DNE
trusty_ruby-passenger: ignored (reached end-of-life)
trusty/esm_ruby-passenger: DNE (trusty was needs-triage)
xenial_ruby-passenger: DNE
artful_ruby-passenger: DNE
bionic_ruby-passenger: DNE
cosmic_ruby-passenger: DNE
disco_ruby-passenger: DNE
eoan_ruby-passenger: DNE
focal_ruby-passenger: DNE
groovy_ruby-passenger: DNE
hirsute_ruby-passenger: DNE
impish_ruby-passenger: DNE
jammy_ruby-passenger: DNE
devel_ruby-passenger: DNE