-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3013-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 18, 2022 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : needrestart Version : 2.11-3+deb9u2 CVE ID : CVE-2022-30688 Debian Bug : 1011154 Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. For Debian 9 stretch, this problem has been fixed in version 2.11-3+deb9u2. We recommend that you upgrade your needrestart packages. For the detailed security status of needrestart please refer to its security tracker page at: https://security-tracker.debian.org/tracker/needrestart Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmKEQesACgkQgj6WdgbD S5b75BAAtO9RIWctdSGd/lRNDUwja8pcHQQypMPATn5jTYnAfXCHXH4CUu/gEvRB vylYc2y0OhREi6LVn1nA2etA/MmD7puH1gmU2A/lx8cYMgKg+uE8AS3EW/e1VqMs Uaeyz07jvmXt+BlC7oCQWvRNvLfMYozuKyJPWgHk6oCrHRgkxJ1FCijpB7MBuXHE w++KyeqT96oOe5mvBZ0ONh3XPC140+pUdld2thlvbdWVHni7/nQ/CPL9dYiBhgwG Mr/5LwF06Cz+0bkBmsKajWkNKu+kuiIrkVWf5yPY8L8Tfhj5d9Fi93wUbC/CqjPv 6PllyKXfcthjcNr/H3sMVK65q6WlDHSVQEp3f1XnYLenlU5XSb20517VtcO9zqyP gnA55uGpa0fdjxo6W9Kx6C7LXyTK6fGyA7IEooehrdIT+cbowjlbZJXJ6dNECmFM 6RIQT7+cYtF0H/3xhlEEE7kQXIL535Cf2bQwTZDrnUtfrHa2EF7Ozsy/vG5e4GWM MQAGcakZYQTkneEZ5r3faOncjAbJ5eIU83PHCvSIKmbI6uoNZ6orwibIvCY7kp9R bVcZYEAg/3GpuMYb1XYmmK2FwUBX4nQ693RLozBBcbec9TjjpCzqEAT1vViUUr1s 3cGNrgUH7Stu2EmRy1e4Ty2Wr/kZOBhIacb7ff0WOlYcVNtdBEY= =/crS -----END PGP SIGNATURE-----
