Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 845198 (CVE-2022-30688)

Summary: <app-admin/needrestart-3.6: local privilege escalation
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: candrews
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/liske/needrestart/releases/tag/v3.6
Whiteboard: B1 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 858161    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-17 17:56:02 UTC 
From URL:

"[Interp] CVE-2022-30688: Anchor interpreter regex to prevent local privilege escalation. (responsibly reported by Jakub Wilk)"

Please bump to 3.6.
Comment 1 Craig Andrews gentoo-dev 2022-05-17 18:09:22 UTC 
3.6 was added earlier today

https://github.com/gentoo/gentoo/commit/e1d65a7676577d30ae43814a087b908d427bb37a
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-17 18:44:04 UTC 
Sorry, thanks! Please stabilize.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-15 16:07:10 UTC 
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2022-07-16 15:18:47 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0dbbcd18be0a4da7d486b30759d9d73014495ab

commit e0dbbcd18be0a4da7d486b30759d9d73014495ab
Author:     Craig Andrews <candrews@gentoo.org>
AuthorDate: 2022-07-15 16:17:58 +0000
Commit:     Craig Andrews <candrews@gentoo.org>
CommitDate: 2022-07-16 15:18:40 +0000

    app-admin/needrestart: Cleanup old version
    
    Closes: https://bugs.gentoo.org/845198
    
    Signed-off-by: Craig Andrews <candrews@gentoo.org>

 app-admin/needrestart/needrestart-3.5.ebuild | 42 ----------------------------
 1 file changed, 42 deletions(-)