needrestart security update advisory

Overview

An update has been released to address vulnerabilities in needrestart. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992

  • needrestart versions: earlier than 3.8 (3.8 itself is not affected)

 

Resolved Vulnerabilities

Command Injection Vulnerability in needrestart (CVE-2024-11003)

Arbitrary code execution vulnerability due to lack of validation of environment variables referenced when running needrestart (CVE-2024-48990, CVE-2024-48992)

Code execution due to a race condition vulnerability in needrestart (CVE-2024-48991)

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest update. Follow the instructions on the Referenced Sites to update to the patched version.

 

CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992

  • needrestart version: 3.8

 

If you are running an operating system that has released security updates, please refer to the Referenced Sites to apply the security actions or updates.

Ubuntu

  • Referenced Sites [6] to [9]

 

Debian

  • Referenced Sites [10] to [13]

     

Referenced Sites

 

[1] CVE-2024-11003 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-11003

[2] CVE-2024-48990 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-48990

[3] CVE-2024-48991 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-48991

[4] CVE-2024-48992 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-48992

[5] github/needrestart

https://github.com/liske/needrestart/releases/tag/v3.8

[6] cve-2024-11003

https://ubuntu.com/security/CVE-2024-11003

[7] cve-2024-48990

https://ubuntu.com/security/CVE-2024-48990

[8] cve-2024-48991

https://ubuntu.com/security/CVE-2024-48991

[9] cve-2024-48992

https://ubuntu.com/security/CVE-2024-48992

[10] cve-2024-11003

https://security-tracker.debian.org/tracker/CVE-2024-11003

[11] cve-2024-48990

https://security-tracker.debian.org/tracker/CVE-2024-48990

[12] cve-2024-48991

https://security-tracker.debian.org/tracker/CVE-2024-48991

[13] cve-2024-48992

https://security-tracker.debian.org/tracker/CVE-2024-48992