View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-10345 severity moderate: SUSE including 3 source package names (rubygem-passenger-3.0.14-0.17.1, rubygem-passenger-apache2-3.0.14-0.17.1, rubygem-passenger-nginx-3.0.14-0.17.1), 7 product×package rows across 3 product lines (SUSE Lifecycle Management Server 1.3, SUSE Studio Onsite 1.3, SUSE WebYast 1.3): Fixed 7.
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.