Candidate: CVE-2014-1831
PublicDate: 2015-02-19 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
 http://www.openwall.com/lists/oss-security/2014/01/30
Description:
 Phusion Passenger before 4.0.37 allows local users to write to certain
 files and directories via a symlink attack on (1) control_process.pid or a
 (2) generation-* file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_ruby-passenger:
 upstream: https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
upstream_ruby-passenger: released (4.0.33)
lucid_ruby-passenger: DNE
precise_ruby-passenger: DNE
quantal_ruby-passenger: ignored (reached end-of-life)
saucy_ruby-passenger: ignored (reached end-of-life)
trusty_ruby-passenger: not-affected (4.0.37-2)
trusty/esm_ruby-passenger: DNE (trusty was not-affected [4.0.37-2])
devel_ruby-passenger: not-affected (4.0.37-2)