stable

needrestart-3.8-1.fc39

FEDORA-2024-6015ee69f0 created by ngompa a month ago for Fedora 39

Rebase to fix CVEs

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-6015ee69f0

This update has been submitted for testing by ngompa.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago
farchord provided feedback a month ago
BZ#2327533 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-39]
BZ#2327539 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-39]
BZ#2327544 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-39]
BZ#2327551 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-39]
music commented & provided feedback a month ago

The upstream release notes for the packaged version claim it fixes the mentioned CVEs, and the command-line tool passed a quick “smoke test” in a mock chroot.


This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago


Metadata
Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: a month ago
in stable: a month ago
approved: a month ago