All versions of Passenger
This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Your server will be patched over the next 24 to 48 hours. No action necessary.