Format: 1.8
Date: Tue, 12 Nov 2024 20:51:08 +0100
Source: needrestart
Binary: needrestart
Architecture: all
Version: 3.6-4+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Salvatore Bonaccorso
Description:
 needrestart - check which daemons need to be restarted after library upgrades
Changes:
 needrestart (3.6-4+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address local privilege escalation vulnerabilities from any unprivileged
     user to root (CVE-2024-48990, CVE-2024-48992, CVE-2024-48991,
     CVE-2024-11003):
     - core: prevent race condition on /proc/$PID/exec evaluation
     - interp: do not set PYTHONPATH environment variable to prevent a LPE
     - interp: do not set RUBYLIB environment variable to prevent a LPE
     - interp: chdir into empty directory to prevent python parsing arbitrary
       files
     - interp: drop usage of Module::ScanDeps to prevent LPE
   * debian/control: Drop Depends on libmodule-scandeps-perl
Checksums-Sha1:
 4b23d6af9b4c1d95bf09698b999e939ecfd396a7 5804 needrestart_3.6-4+deb12u2_all-buildd.buildinfo
 68f4154efd6acbe56bc2a820f1506421b181475e 60336 needrestart_3.6-4+deb12u2_all.deb
Checksums-Sha256:
 b014a1503bb111d4683e26214a3e0f5ba830e862c7c06b817205d2ff8c769bb2 5804 needrestart_3.6-4+deb12u2_all-buildd.buildinfo
 18dcdbdd06b2ef6423022dcd8d547fa814f3158bb1c83fae99fa626b8449a0d6 60336 needrestart_3.6-4+deb12u2_all.deb
Files:
 96ddbbffd3200aaa446b3d2a5693b35f 5804 admin optional needrestart_3.6-4+deb12u2_all-buildd.buildinfo
 39f0d95f8c7c589a7dbcb27f2d3183dd 60336 admin optional needrestart_3.6-4+deb12u2_all.deb