stable

needrestart-3.8-1.fc40

FEDORA-2024-d2124788a8 created by ngompa a month ago for Fedora 40

Rebase to fix CVEs

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-d2124788a8

This update has been submitted for testing by ngompa.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

ngompa edited this update.

a month ago
farchord provided feedback a month ago
karma
BZ#2327534 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
BZ#2327540 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
BZ#2327545 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
BZ#2327552 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]
music commented & provided feedback a month ago
karma

The upstream release notes for the packaged version claim it fixes the mentioned CVEs, and the command-line tool passed a quick “smoke test” in a mock chroot.

BZ#2327534 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
BZ#2327540 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
BZ#2327545 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
BZ#2327552 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago


Metadata
Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: a month ago
in stable: a month ago
modified: a month ago
approved: a month ago
BZ#2327534 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
0
2
BZ#2327540 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
0
2
BZ#2327545 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
0
2
BZ#2327552 CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]
0
2
