CVE-2022-30688 - Debian Debian Linux and Needrestart Project Needrestart
Critical 7.8
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
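The effect of a missing anchor, as an added example that is not taken from needrestart's source: the two patterns and the sample paths below are constructed for illustration, and the helper names are hypothetical. It compares an unanchored interpreter-path pattern with an anchored one and lists the paths that only the unanchored form accepts as an interpreter.

```python
import re

# Constructed patterns for illustration; not copied from needrestart.
UNANCHORED = re.compile(r"/usr/(local/)?bin/python(\d[.\d]*)?")
# \A and \Z pin the match to the whole string. \Z is used instead of $
# because $ in Python also matches just before a trailing newline.
ANCHORED = re.compile(r"\A/usr/(local/)?bin/python(\d[.\d]*)?\Z")

# Constructed sample executable paths, as a process scanner might see them.
SAMPLES = [
    "/usr/bin/python3",
    "/usr/local/bin/python3.9",
    "/home/alice/usr/bin/python3",   # system path appears only as a suffix
    "/usr/bin/python3-wrapper",      # different binary sharing a prefix
    "/tmp/x/usr/local/bin/python",   # world-writable parent directory
]


def classify(path, pattern):
    """Return True if `pattern` treats `path` as a known interpreter."""
    return pattern.search(path) is not None


def mismatches(paths=SAMPLES):
    """Paths the unanchored pattern accepts but the anchored one rejects."""
    return [
        p for p in paths
        if classify(p, UNANCHORED) and not classify(p, ANCHORED)
    ]


def is_anchored(pattern_src):
    """Rough audit heuristic: does the pattern text start and end with an anchor?

    It inspects the text only, so an escaped trailing dollar sign would
    fool it. Use it to shortlist patterns for manual review.
    """
    return (pattern_src.startswith(("^", r"\A"))
            and pattern_src.endswith(("$", r"\Z")))


if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:40} unanchored={classify(p, UNANCHORED)} "
              f"anchored={classify(p, ANCHORED)}")
    print("accepted only without anchors:", mismatches())
```

Any path in the mismatch list is one that a privileged scanner would wrongly treat as a system interpreter, which is the condition the fix in 3.6 removes by anchoring the regexes.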
Affected software
Debian Debian Linux
Needrestart Project Needrestart
Reference links
- https://www.openwall.com/lists/oss-security/2022/05/17/9
- https://github.com/liske/needrestart/releases/tag/v3.6
- https://lists.debian.org/debian-security-announce/2022/msg00105.html
- https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30
- http://www.openwall.com/lists/oss-security/2022/05/17/9
- https://www.debian.org/security/2022/dsa-5137
- https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html