Message-ID: <Z0rn3SWFSp5pHKb_@eldamar.lan>
Date: Sat, 30 Nov 2024 11:24:29 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Local Privilege Escalations in needrestart

Hi all,

On Tue, Nov 26, 2024 at 12:31:34PM -0800, Mark Esler wrote:
> The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race
> condition on /proc/$PID/exec evaluation”) [0], introduced a regression
> which was subsequently fixed in 42af5d3 ("core: fix regression of false
> positives for processes running in chroot or mountns (#317)") [1].
>
> Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.
>
> [0] https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59
> [1] https://github.com/liske/needrestart/commit/42af5d328901287a4f79d1f5861ac827a53fd56d

Please note there was an update for the final merged commit:

https://github.com/liske/needrestart/issues/317#issuecomment-2506806378
https://github.com/liske/needrestart/commit/e17b5644aff0f9eaeb422af7013b9c88ffc44423

Regards,
Salvatore