Fedora Linux 8799 Published by

Updated needrestart packages are available for Fedora Linux 39, 40, and 41:

Fedora 40 Update: needrestart-3.8-1.fc40
Fedora 41 Update: needrestart-3.8-1.fc41
Fedora 39 Update: needrestart-3.8-1.fc39




[SECURITY] Fedora 40 Update: needrestart-3.8-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d2124788a8
2024-11-25 03:53:12.316733+00:00
--------------------------------------------------------------------------------

Name : needrestart
Product : Fedora 40
Version : 3.8
Release : 1.fc40
URL : https://github.com/liske/needrestart
Summary : Restart daemons after library updates
Description :
needrestart checks which daemons need to be restarted after library
upgrades. It is inspired by checkrestart from the debian-goodies
package.

--------------------------------------------------------------------------------
Update Information:

Rebase to fix CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 24 2024 Steve Cossette - 3.8-1
- Update to 3.8 to fix several CVEs:
- CVE-2024-48991: Prevent race condition on /proc/$PID/exec evaluation
- CVE-2024-11003: Drop usage of Module::ScanDeps to prevent LPE.
- CVE-2024-48990: Do not set PYTHONPATH environment variable to prevent a LPE.
- CVE-2024-48992: Do not set RUBYLIB environment variable to prevent a LPE.
* Fri Jul 26 2024 Miroslav Suchý - 3.6-14
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 3.6-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint - 3.6-12
- Rebuilt for Python 3.13
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2327534 - CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2327534
[ 2 ] Bug #2327540 - CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2327540
[ 3 ] Bug #2327545 - CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2327545
[ 4 ] Bug #2327552 - CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2327552
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d2124788a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: needrestart-3.8-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a9cf3dad4f
2024-11-25 01:54:56.122877+00:00
--------------------------------------------------------------------------------

Name : needrestart
Product : Fedora 41
Version : 3.8
Release : 1.fc41
URL : https://github.com/liske/needrestart
Summary : Restart daemons after library updates
Description :
needrestart checks which daemons need to be restarted after library
upgrades. It is inspired by checkrestart from the debian-goodies
package.

--------------------------------------------------------------------------------
Update Information:

Rebase to fix CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 24 2024 Steve Cossette - 3.8-1
- Update to 3.8 to fix several CVEs:
- CVE-2024-48991: Prevent race condition on /proc/$PID/exec evaluation
- CVE-2024-11003: Drop usage of Module::ScanDeps to prevent LPE.
- CVE-2024-48990: Do not set PYTHONPATH environment variable to prevent a LPE.
- CVE-2024-48992: Do not set RUBYLIB environment variable to prevent a LPE.
* Fri Jul 26 2024 Miroslav Suchý - 3.6-14
- convert license to SPDX
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2327536 - CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2327536
[ 2 ] Bug #2327541 - CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2327541
[ 3 ] Bug #2327546 - CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2327546
[ 4 ] Bug #2327553 - CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2327553
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a9cf3dad4f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: needrestart-3.8-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6015ee69f0
2024-11-25 01:26:53.705955+00:00
--------------------------------------------------------------------------------

Name : needrestart
Product : Fedora 39
Version : 3.8
Release : 1.fc39
URL : https://github.com/liske/needrestart
Summary : Restart daemons after library updates
Description :
needrestart checks which daemons need to be restarted after library
upgrades. It is inspired by checkrestart from the debian-goodies
package.

--------------------------------------------------------------------------------
Update Information:

Rebase to fix CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 24 2024 Steve Cossette - 3.8-1
- Update to 3.8 to fix several CVEs:
- CVE-2024-48991: Prevent race condition on /proc/$PID/exec evaluation
- CVE-2024-11003: Drop usage of Module::ScanDeps to prevent LPE.
- CVE-2024-48990: Do not set PYTHONPATH environment variable to prevent a LPE.
- CVE-2024-48992: Do not set RUBYLIB environment variable to prevent a LPE.
* Fri Jul 26 2024 Miroslav Suchý - 3.6-14
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 3.6-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint - 3.6-12
- Rebuilt for Python 3.13
* Thu Jan 25 2024 Fedora Release Engineering - 3.6-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 3.6-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2327533 - CVE-2024-48990 needrestart: arbitrary code execution via PYTHONPATH environment variable [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2327533
[ 2 ] Bug #2327539 - CVE-2024-11003 needrestart: local privilege escalation via unsanitized input [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2327539
[ 3 ] Bug #2327544 - CVE-2024-48992 needrestart: arbitrary code execution via RUBYLIB environment variable [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2327544
[ 4 ] Bug #2327551 - CVE-2024-48991 needrestart: arbitrary code execution via race condition [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2327551
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6015ee69f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------