Red Hat Security Advisory 2013-1136-01 - rubygem-passenger is a web server for Ruby, Python and Node.js applications. The rubygem-passenger gem created and re-used temporary directories and files in an insecure fashion. A local attacker could use these flaws to conduct a denial of service attack, take over the operation of the application or, potentially, execute arbitrary code with the privileges of the user running rubygem-passenger. Note: By default, OpenShift Enterprise uses polyinstantiation for the /tmp/ directory, thereby minimizing the risk and impact of exploitation by local attackers of both CVE-2013-2119 and CVE-2013-4136.
145d2d1054ef84c2d2f4e31d12c8c8168fad64e9ee4bc03dff62ca5cafd2f4f6