Posted: Tue Jul 28, 2020 2:26 pm Post subject: [ GLSA 202007-40 ] Thin
Gentoo Linux Security Advisory
Title: Thin: Privilege escalation (GLSA 202007-40)
A vulnerability was discovered in Thin which may allow local
attackers to kill arbitrary processes (denial of service).
Thin is a small and fast Ruby web server.
Vulnerable: <= 1.7.2
Architectures: All supported architectures
It was discovered that Gentoo’s Thin ebuild does not properly handle
its temporary runtime directories. This only affects OpenRC systems, as
the flaw was exploitable via the init script.
A local attacker could cause denial of service by killing arbitrary
There is no known workaround at this time.
Gentoo has discontinued support for Thin. We recommend that users
  # emerge --unmerge "www-servers/thin"
NOTE: The Gentoo developer(s) maintaining Thin have discontinued support
at this time. It may be possible that a new Gentoo developer will update
Thin at a later date. There are many other web servers available in the
tree in the www-servers category.
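
The advisory gives no detail beyond the init script and the runtime directories, so the following is an added example, not code from the Gentoo ebuild or from Thin. It assumes the common pattern in which a root-run init script reads a PID from a file under a runtime directory; the helper name `safe_pidfile_pid` and the paths in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example, not taken from the Gentoo ebuild or from Thin.
# safe_pidfile_pid <pidfile> <trusted_uid>
# Prints the PID and returns 0 only when the pidfile can be trusted by a
# privileged init script; returns 1 otherwise.
safe_pidfile_pid() {
    pidfile=$1
    trusted_uid=$2
    dir=$(dirname -- "$pidfile")

    # Runtime directory: a real directory (no symlink), owned by the trusted
    # account, and not writable by group or other.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    dir_uid=$(stat -c %u -- "$dir") || return 1
    dir_mode=$(stat -c %a -- "$dir") || return 1
    [ "$dir_uid" = "$trusted_uid" ] || return 1
    [ $((0$dir_mode & 022)) -eq 0 ] || return 1

    # Pidfile: a regular file (no symlink) owned by the same account.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    file_uid=$(stat -c %u -- "$pidfile") || return 1
    [ "$file_uid" = "$trusted_uid" ] || return 1

    # Content: exactly one decimal PID, at most 7 digits, greater than 1.
    pid=$(cat -- "$pidfile") || return 1
    case $pid in
        '' | *[!0-9]* | ????????*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1

    printf '%s\n' "$pid"
}

# Constructed usage: an init script running as root (uid 0) would call
#   pid=$(safe_pidfile_pid /run/example/example.pid 0) && kill "$pid"
```

A gap remains between the check and the later `kill`, so the ownership and mode tests on the directory are the part that matters most.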