Re: [oss-security] Local Privilege Escalations in needrestart

Salvatore Bonaccorso Sat, 30 Nov 2024 02:24:57 -0800

Hi all,

On Tue, Nov 26, 2024 at 12:31:34PM -0800, Mark Esler wrote:
> The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race
> condition on /proc/$PID/exec evaluation”) [0], introduced a regression
> which was subsequently fixed 42af5d3 ("core: fix regression of false
> positives for processes running in chroot or mountns (#317)") [1].
> 
> Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.
> 
> [0] 
> https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59
> [1] 
> https://github.com/liske/needrestart/commit/42af5d328901287a4f79d1f5861ac827a53fd56d


Please note there was an update for the final merged commit:
https://github.com/liske/needrestart/issues/317#issuecomment-2506806378
https://github.com/liske/needrestart/commit/e17b5644aff0f9eaeb422af7013b9c88ffc44423

Regards,
Salvatore

Re: [oss-security] Local Privilege Escalations in needrestart

Reply via email to