stable

needrestart-3.8-1.fc41

FEDORA-2024-a9cf3dad4f created by ngompa a month ago for Fedora 41

Rebase to fix CVEs

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-a9cf3dad4f

This update has been submitted for testing by ngompa.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

ngompa edited this update.

a month ago
farchord provided feedback a month ago
karma
BZ#2327536 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-41]
BZ#2327541 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-41]
BZ#2327546 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-41]
music commented & provided feedback a month ago

It seems like https://bugzilla.redhat.com/show_bug.cgi?id=2327553 should be associated with this update, too.

ngompa edited this update.

a month ago
music commented & provided feedback a month ago
karma

The upstream release notes for the packaged version claim it fixes the mentioned CVEs, and the command-line tool passed a quick “smoke test” in a mock chroot.

BZ#2327536 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-41]
BZ#2327541 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-41]
BZ#2327546 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-41]
BZ#2327553 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-41]

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago


Metadata
Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: a month ago
in stable: a month ago
modified: a month ago
approved: a month ago
BZ#2327536 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-41]
0
2
BZ#2327541 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-41]
0
2
BZ#2327546 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-41]
0
2
BZ#2327553 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-41]
0
1
