Advisory: CLSA-2024:1734028058
OS: Ubuntu 16.04 ELS
Public date: 2024-12-12 13:27:40
Project: needrestart
Version: 2.6-1+tuxcare.els1
Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1734028058.html
* SECURITY UPDATE: Prevent running the Python interpreter with an attacker-controlled PYTHONPATH environment variable - debian/patches/CVE-2024-48990-CVE-2024-48991.patch: do not set PYTHONPATH environment variable to prevent a LPE and prevent race condition on /proc/$PID/exec evaluation - CVE-2024-48990 - CVE-2024-48991 * SECURITY UPDATE: Prevent running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable - debian/patches/CVE-2024-48992.patch: do not set RUBYLIB environment variable to prevent a LPE - CVE-2024-48992 * SECURITY UPDATE: Prevent running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable - debian/patches/CVE-2024-11003.patch, debian/control: drop usage of Module::ScanDeps to prevent LPE - CVE-2024-11003
Update command: apt-get update apt-get --only-upgrade install needrestart*
needrestart_2.6-1+tuxcare.els1_all.deb