We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Reserved 2024-10-11 | Published 2024-11-19 | Updated 2024-11-19 | Assigner canonicalQualys
Thomas Liske
Mark Esler
www.cve.org/CVERecord?id=CVE-2024-48990
github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab
www.qualys.com/2024/11/19/needrestart/needrestart.txt
Support options