stable

needrestart-3.8-1.fc40

FEDORA-2024-d2124788a8 created by ngompa a year ago for Fedora 40

Rebase to fix CVEs

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-d2124788a8

This update has been submitted for testing by ngompa.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

ngompa edited this update.

a year ago
farchord provided feedback a year ago
BZ#2327534 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
BZ#2327540 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
BZ#2327545 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
BZ#2327552 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]
music commented & provided feedback a year ago

The upstream release notes for the packaged version claim it fixes the mentioned CVEs, and the command-line tool passed a quick “smoke test” in a mock chroot.

BZ#2327534 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
BZ#2327540 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
BZ#2327545 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
BZ#2327552 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata
Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: a year ago
in stable: a year ago
modified: a year ago
approved: a year ago
BZ#2327534 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
0
2
BZ#2327540 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
0
2
BZ#2327545 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
0
2
BZ#2327552 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]
0
2
