EasyApache 2017-10-16 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. We strongly encourage all Passenger users to update their system to obtain the patch.

 

AFFECTED VERSIONS
All versions of Passenger

 

DESCRIPTION
This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.

 

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

 

REFERENCES
https://blog.phusion.nl/2017/10/16/passenger-5-1-11/
https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/