{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2018-12026","title":"Title"},{"category":"description","text":"During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2018-12026","url":"https://www.suse.com/security/cve/CVE-2018-12026"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1097655 for CVE-2018-12026","url":"https://bugzilla.suse.com/1097655"},{"category":"external","summary":"SUSE Bug 1097663 for CVE-2018-12026","url":"https://bugzilla.suse.com/1097663"},{"category":"external","summary":"SUSE Bug 1097664 for CVE-2018-12026","url":"https://bugzilla.suse.com/1097664"}],"title":"SUSE CVE CVE-2018-12026","tracking":{"current_release_date":"2025-10-07T09:54:19Z","generator":{"date":"2023-02-15T04:27:01Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2018-12026","initial_release_date":"2023-02-15T04:27:01Z","revision_history":[{"date":"2023-02-15T04:27:01Z","number":"2","summary":"Current version"},{"date":"2024-07-03T05:33:40Z","number":"3","summary":"Current version"},{"date":"2025-01-01T07:38:14Z","number":"4","summary":"Current version"},{"date":"2025-02-18T07:04:40Z","number":"5","summary":"Current version"},{"date":"2025-03-14T04:01:44Z","number":"6","summary":"Current version"},{"date":"2025-03-15T12:05:54Z","number":"7","summary":"Current version"},{"date":"2025-04-25T07:01:12Z","number":"8","summary":"Current version"},{"date":"2025-10-07T09:54:19Z","number":"9","summary":"Current version"}],"status":"interim","version":"9"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Lifecycle Management Server 1.3","product":{"name":"SUSE Lifecycle Management Server 1.3","product_id":"SUSE Lifecycle Management Server 1.3","product_identification_helper":{"cpe":"cpe:/a:suse:sle-slms:1.3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 12","product":{"name":"SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Containers 12","product":{"name":"SUSE Linux Enterprise Module for Containers 12","product_id":"SUSE Linux Enterprise Module for Containers 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-containers:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12","product":{"name":"SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3","product":{"name":"SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4","product":{"name":"SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"SUSE Studio Onsite 1.3","product":{"name":"SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-studioonsite:1.3"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"ruby2.1-rubygem-passenger","product":{"name":"ruby2.1-rubygem-passenger","product_id":"ruby2.1-rubygem-passenger","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ruby2.1-rubygem-passenger@?upstream=rubygem-passenger.src.rpm"}}},{"category":"product_version","name":"ruby2.7-rubygem-passenger-6.0.8-3.2","product":{"name":"ruby2.7-rubygem-passenger-6.0.8-3.2","product_id":"ruby2.7-rubygem-passenger-6.0.8-3.2","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.7-rubygem-passenger@6.0.8-3.2"}}},{"category":"product_version","name":"ruby3.0-rubygem-passenger-6.0.8-3.2","product":{"name":"ruby3.0-rubygem-passenger-6.0.8-3.2","product_id":"ruby3.0-rubygem-passenger-6.0.8-3.2","product_identification_helper":{"purl":"pkg:rpm/suse/ruby3.0-rubygem-passenger@6.0.8-3.2"}}},{"category":"product_version","name":"rubygem-passenger","product":{"name":"rubygem-passenger","product_id":"rubygem-passenger","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rubygem-passenger@?upstream=rubygem-passenger.src.rpm"}}},{"category":"product_version","name":"rubygem-passenger-6.0.8-3.2","product":{"name":"rubygem-passenger-6.0.8-3.2","product_id":"rubygem-passenger-6.0.8-3.2","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:6.0.8:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rubygem-passenger@6.0.8-3.2?upstream=rubygem-passenger-6.0.8-3.2.src.rpm"}}},{"category":"product_version","name":"rubygem-passenger-apache2","product":{"name":"rubygem-passenger-apache2","product_id":"rubygem-passenger-apache2","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rubygem-passenger-apache2@?upstream=rubygem-passenger.src.rpm"}}},{"category":"product_version","name":"rubygem-passenger-apache2-6.0.8-3.2","product":{"name":"rubygem-passenger-apache2-6.0.8-3.2","product_id":"rubygem-passenger-apache2-6.0.8-3.2","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:6.0.8:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rubygem-passenger-apache2@6.0.8-3.2?upstream=rubygem-passenger-6.0.8-3.2.src.rpm"}}},{"category":"product_version","name":"rubygem-passenger-nginx","product":{"name":"rubygem-passenger-nginx","product_id":"rubygem-passenger-nginx","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rubygem-passenger-nginx@?upstream=rubygem-passenger.src.rpm"}}},{"category":"product_version","name":"rubygem-passenger-nginx-6.0.8-3.2","product":{"name":"rubygem-passenger-nginx-6.0.8-3.2","product_id":"rubygem-passenger-nginx-6.0.8-3.2","product_identification_helper":{"cpe":"cpe:2.3:a:phusion:passenger:6.0.8:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rubygem-passenger-nginx@6.0.8-3.2?upstream=rubygem-passenger-6.0.8-3.2.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ruby2.7-rubygem-passenger-6.0.8-3.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2"},"product_reference":"ruby2.7-rubygem-passenger-6.0.8-3.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby3.0-rubygem-passenger-6.0.8-3.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2"},"product_reference":"ruby3.0-rubygem-passenger-6.0.8-3.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-6.0.8-3.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2"},"product_reference":"rubygem-passenger-6.0.8-3.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2-6.0.8-3.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2"},"product_reference":"rubygem-passenger-apache2-6.0.8-3.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-nginx-6.0.8-3.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2"},"product_reference":"rubygem-passenger-nginx-6.0.8-3.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Lifecycle Management Server 1.3","product_id":"SUSE Lifecycle Management Server 1.3:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Lifecycle Management Server 1.3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Lifecycle Management Server 1.3","product_id":"SUSE Lifecycle Management Server 1.3:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Lifecycle Management Server 1.3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-nginx as component of SUSE Lifecycle Management Server 1.3","product_id":"SUSE Lifecycle Management Server 1.3:rubygem-passenger-nginx"},"product_reference":"rubygem-passenger-nginx","relates_to_product_reference":"SUSE Lifecycle Management Server 1.3"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-passenger as component of SUSE Linux Enterprise Module for Containers 12","product_id":"SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-passenger"},"product_reference":"ruby2.1-rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Linux Enterprise Module for Containers 12","product_id":"SUSE Linux Enterprise Module for Containers 12:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-apache2 as component of SUSE Linux Enterprise Module for Containers 12","product_id":"SUSE Linux Enterprise Module for Containers 12:rubygem-passenger-apache2"},"product_reference":"rubygem-passenger-apache2","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 12"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:rubygem-passenger"},"product_reference":"rubygem-passenger","relates_to_product_reference":"SUSE Studio Onsite 1.3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-passenger-nginx as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:rubygem-passenger-nginx"},"product_reference":"rubygem-passenger-nginx","relates_to_product_reference":"SUSE Studio Onsite 1.3"}]},"vulnerabilities":[{"cve":"CVE-2018-12026","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-12026"}],"notes":[{"category":"general","text":"During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Lifecycle Management Server 1.3:rubygem-passenger","SUSE Lifecycle Management Server 1.3:rubygem-passenger-apache2","SUSE Lifecycle Management Server 1.3:rubygem-passenger-nginx","SUSE Linux Enterprise High Performance Computing 12:ruby2.1-rubygem-passenger","SUSE Linux Enterprise High Performance Computing 12:rubygem-passenger","SUSE Linux Enterprise High Performance Computing 12:rubygem-passenger-apache2","SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Module for Containers 12:rubygem-passenger","SUSE Linux Enterprise Module for Containers 12:rubygem-passenger-apache2","SUSE Linux Enterprise Server 12 SP3:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server 12 SP3:rubygem-passenger","SUSE Linux Enterprise Server 12 SP3:rubygem-passenger-apache2","SUSE Linux Enterprise Server 12 SP4:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server 12 SP4:rubygem-passenger","SUSE Linux Enterprise Server 12 SP4:rubygem-passenger-apache2","SUSE Linux Enterprise Server 12 SP5:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server 12 SP5:rubygem-passenger","SUSE Linux Enterprise Server 12 SP5:rubygem-passenger-apache2","SUSE Linux Enterprise Server 12:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server 12:rubygem-passenger","SUSE Linux Enterprise Server 12:rubygem-passenger-apache2","SUSE Linux Enterprise Server for SAP Applications 12 SP3:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12 SP3:rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12 SP3:rubygem-passenger-apache2","SUSE Linux Enterprise Server for SAP Applications 12 SP4:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12 SP4:rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12 SP4:rubygem-passenger-apache2","SUSE Linux Enterprise Server for SAP Applications 12 SP5:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12 SP5:rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12 SP5:rubygem-passenger-apache2","SUSE Linux Enterprise Server for SAP Applications 12:ruby2.1-rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12:rubygem-passenger","SUSE Linux Enterprise Server for SAP Applications 12:rubygem-passenger-apache2","SUSE Studio Onsite 1.3:rubygem-passenger","SUSE Studio Onsite 1.3:rubygem-passenger-nginx"],"recommended":["openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2"]},"references":[{"category":"external","summary":"CVE-2018-12026","url":"https://www.suse.com/security/cve/CVE-2018-12026"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1097655 for CVE-2018-12026","url":"https://bugzilla.suse.com/1097655"},{"category":"external","summary":"SUSE Bug 1097663 for CVE-2018-12026","url":"https://bugzilla.suse.com/1097663"},{"category":"external","summary":"SUSE Bug 1097664 for CVE-2018-12026","url":"https://bugzilla.suse.com/1097664"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2","openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2"]}],"threats":[{"category":"impact","date":"2018-06-14T12:25:37Z","details":"critical"}],"title":"CVE-2018-12026"}]}