29 May '13, 2pm

Phusion Passenger 4.0.5 released, fixes temp file vulnerability CVE-2013-2119:

Fixed security vulnerability CVE-2013-2119.

Urgency: low
Scope: local exploit
Summary: denial of service and arbitrary code execution by hijacking temp files
Affected versions: all versions
Fixed versions: 3.0.21 and 4.0.5

Description: Phusion Passenger’s code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability allows a local attacker to run arbitrary code as another user, by hijacking temporary files.

By pre-creating certain temporary files with certain permissions, attackers can prevent Passenger Standalone from starting (denial of service). By pre-creating certain temporary files with certain other permissions, attackers can trick passenger start and th...

Full article: http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5...
