zoukankan      html  css  js  c++  java
  • Debian Security Advisory(Debian安全报告) DSA-4415-1 passenger security update

    Debian Security Advisory(Debian安全报告) DSA-4415-1  passenger security update

    Package : passenger

    CVE ID : CVE-2017-16355

    Debian Bug : 884463


      在web应用程序服务器passenger中发现了一个任意文件读取漏洞。允许将应用程序部署到passenger的本地用户可以利用这个缺陷,从REVISION文件创建到系统上任意文件的符号链接,并通过passenger-status显示其内容。

      这个问题在5.0.30-1+deb9u1版本中得到了修复。

      passenger的详细安全情况请参考其安全跟踪页面:https://securtracker.debian.org/tracker/passenger

    -------------------------

    Debian Security Advisory DSA-4415-1 passenger security update

    Package        : passenger
    CVE ID         : CVE-2017-16355
    Debian Bug     : 884463

    An arbitrary file read vulnerability was discovered in passenger, a web 
    application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.

    This problem has been fixed in version 5.0.30-1+deb9u1.

    For the detailed security status of passenger please refer to its security tracker page at: https://security-tracker.debian.org/tracker/passenger

  • 相关阅读:
    IntelliJ Idea 快捷键列表
    mysql索引类型和方式
    基本git指令
    idea中deBug方法
    BeanUtils.copyProperties(A,B)使用注意事项
    MySQL字段类型
    JAVA常识1
    Redis在windows下的安装下载
    Netty
    IDEA工具
  • 原文地址:https://www.cnblogs.com/iAmSoScArEd/p/10599555.html
Copyright © 2011-2022 走看看