Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).
Reserved 2024-10-11 | Published 2024-11-19 | Updated 2024-12-03 | Assigner canonical
Qualys
Thomas Liske
Mark Esler
Salvatore Bonaccorso
Ivan Kurnosov
www.cve.org/CVERecord?id=CVE-2024-48991
github.com/...ommit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59
github.com/...ommit/42af5d328901287a4f79d1f5861ac827a53fd56d
www.qualys.com/2024/11/19/needrestart/needrestart.txt