stable

needrestart-3.8-1.el8

FEDORA-EPEL-2024-6447a39121 created by ngompa a month ago for Fedora EPEL 8

Rebase to fix CVEs

This update has been submitted for testing by ngompa.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

ngompa edited this update.

a month ago
farchord provided feedback a month ago
karma
BZ#2327531 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [epel-8]
BZ#2327537 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [epel-8]
BZ#2327542 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [epel-8]
BZ#2327549 CVE-2024-48991 needrestart: arbitrary code execution via race condition [epel-8]
music commented & provided feedback a month ago
karma

The upstream release notes for the packaged version claim it fixes the mentioned CVEs, and the command-line tool passed a quick “smoke test” in a mock chroot.

BZ#2327531 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [epel-8]
BZ#2327537 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [epel-8]
BZ#2327542 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [epel-8]
BZ#2327549 CVE-2024-48991 needrestart: arbitrary code execution via race condition [epel-8]

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Metadata
Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating

Autopush Settings
Unstable by Karma: -3
Stable by Karma: 2
Stable by Time: 7 days

Dates
submitted: a month ago
in stable: a month ago
modified: a month ago
approved: a month ago

BZ#2327531 CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [epel-8]
0
2
BZ#2327537 CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [epel-8]
0
2
BZ#2327542 CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [epel-8]
0
2
BZ#2327549 CVE-2024-48991 needrestart: arbitrary code execution via race condition [epel-8]
0
2
