AFFECTED VERSIONS All versions of Passenger
DESCRIPTION This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.
SOLUTION cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Your server will be patched over the next 24 to 48 hours. No action necessary.
REFERENCES https://blog.phusion.nl/2017/10/16/passenger-5-1-11/ https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/