Thomas Liske<p><a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> 3.11 was recently released:<br><a href="https://github.com/liske/needrestart/releases/tag/v3.11" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/r</span><span class="invisible">eleases/tag/v3.11</span></a></p><p>This small release fixes warnings if no cgroup could be determined for processes. It also allows to ignore containers by their names and to customize the globs used to search for linux kernel images.</p><p>It was uploaded to Debian unstable just in time before the soft freeze for Debian trixie started on 2025-04-15 😅 Today it has migrated to trixie 🥳 </p><p><a href="https://ibh.social/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> <a href="https://ibh.social/tags/trixie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trixie</span></a> <a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
8.7Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.2
#needrestart
0 posts · 0 participants · 0 posts today
Christian Pietsch<p>PS</p><p>Der Autor von <a href="https://fedifreu.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> ist hier: <span class="h-card" translate="no"><a href="https://ibh.social/@liske" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>liske</span></a></span> </p><p>Und ganz nebenbei hat er die <span class="h-card" translate="no"><a href="https://dresden.network/@dd_ix" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dd_ix</span></a></span> mitgegründet!</p>
Christian Pietsch<p>Lately I've been doing more <a href="https://fedifreu.de/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the <a href="https://fedifreu.de/tags/ARM64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARM64</span></a> architecture, even with power-hungry applications such as <a href="https://fedifreu.de/about" rel="nofollow noopener" target="_blank">Mastodon</a>, I'm now using the smartphone technology for my homeservers, too.</p><p>There are <a href="https://fedifreu.de/tags/SBCs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBCs</span></a> with more open hardware, but the <a href="https://fedifreu.de/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi</span></a> is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.</p><p>Anyone operating a server on the Internet must install <a href="https://fedifreu.de/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The <a href="https://fedifreu.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.</p><p>On my Raspberry Pi 4, <code>needrestart</code> always runs correctly (automatically after <code>apt upgrade</code>). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:<br><a href="https://github.com/liske/needrestart/blob/master/README.raspberry.md" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/b</span><span class="invisible">lob/master/README.raspberry.md</span></a><br>Previously, the tool <em>always</em> claimed that a reboot was necessary because it thought an outdated Linux kernel was running.</p><p>Next, I want to activate <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LUKS</span></a> hard drive encryption on both raspis. Unfortunately, this is not as easy under <a href="https://fedifreu.de/tags/Raspbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Raspbian</span></a> or <a href="https://fedifreu.de/tags/RaspberryPiOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPiOS</span></a> as on other Debian systems. If you have managed this: Please let me know how you did it!</p><p><a href="https://fedifreu.de/tags/rpi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rpi</span></a> <a href="https://fedifreu.de/tags/rpi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rpi5</span></a> <a href="https://fedifreu.de/tags/raspi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>raspi</span></a> <a href="https://fedifreu.de/tags/raspberrypi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>raspberrypi5</span></a> <a href="https://fedifreu.de/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeserver</span></a> <a href="https://fedifreu.de/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://fedifreu.de/tags/selfhost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhost</span></a> <a href="https://fedifreu.de/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a></p>
Aurin Azadî<p><span class="h-card" translate="no"><a href="https://fedifreu.de/@chpietsch" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>chpietsch</span></a></span> Oh, <a href="https://mastodon.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> klingt gut, ich glaub, das kleb ich mir auch auf den Server. 🤓</p>
Christian Pietsch<p>In letzter Zeit mache ich aus gegebenem Anlass wieder mehr <a href="https://fedifreu.de/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a>. Natürlich achte ich dabei besonders auf den Stromverbrauch. Nach guten Erfahrungen mit der <a href="https://fedifreu.de/tags/ARM64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARM64</span></a>-Architektur selbst bei leistungshungrigen Anwendungen wie <a href="https://fedifreu.de/about" rel="nofollow noopener" target="_blank">Mastodon</a> setze ich jetzt auch zuhause auf auf die aus Smartphones bekannte Technologie.</p><p>Es gibt zwar <a href="https://fedifreu.de/tags/SBCs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBCs</span></a> mit offenerer Hardware, aber der <a href="https://fedifreu.de/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi</span></a> ist überall erhältlich, gut dokumentiert, leistungsfähig und preiswert. Und es gibt ihn mit bis zu 16 GB RAM.</p><p>Wer einen Server am Internet betreibt, muss zügig <a href="https://fedifreu.de/tags/Sicherheitsupdates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitsupdates</span></a> einspielen. Viele vergessen aber, laufende Software neuzustarten, damit die neue Version läuft statt der alten. Dabei hilft auf debianbasierten Linux-Systemen das Tool <a href="https://fedifreu.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a>, das leider meist nicht vorinstalliert ist.</p><p>Auf meinem Raspberry Pi 4 läuft <code>needrestart</code> schon immer korrekt (automatisch nach <code>apt upgrade</code>). Auf meinem Raspberry Pi 5 musste ich aber erst eine Konfigurationsdatei anlegen, wie es der Hauptentwickler hier beschreibt:<br><a href="https://github.com/liske/needrestart/blob/master/README.raspberry.md" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/b</span><span class="invisible">lob/master/README.raspberry.md</span></a><br>Bis dahin behauptete das Tool <em>immer</em>, dass ein reboot nötig sei, weil ein veralteter Linux-Kernel laufe.</p><p>Als nächstes will ich auf beiden Raspis die Festplattenverschlüsselung aktivieren. Das ist unter <a href="https://fedifreu.de/tags/Raspbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Raspbian</span></a> bzw. <a href="https://fedifreu.de/tags/RaspberryPiOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPiOS</span></a> leider nicht so einfach wie auf anderen Debian-Systemen. Wenn ihr das geschafft habt: Schreibt gern eure Tipps!</p><p><a href="https://fedifreu.de/tags/rpi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rpi</span></a> <a href="https://fedifreu.de/tags/rpi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rpi5</span></a> <a href="https://fedifreu.de/tags/raspi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>raspi</span></a> <a href="https://fedifreu.de/tags/raspberrypi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>raspberrypi5</span></a> <a href="https://fedifreu.de/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeserver</span></a> <a href="https://fedifreu.de/tags/howto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>howto</span></a> <a href="https://fedifreu.de/tags/til" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>til</span></a></p>
Thomas Liske<p><a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> 3.9 was released:<br><a href="https://github.com/liske/needrestart/releases/tag/v3.9" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/r</span><span class="invisible">eleases/tag/v3.9</span></a></p><p>Many thanks to all the bug reporters and contributors! 🙏 </p><p>It has already migrated to Debian Trixie and and I appreciate (timely) feedback so problems might be solved upstream before trixie freeze (2025-04-15) begins 😉 </p><p>I'm already aware of a dash related issue with the changes for a better systemd --user support. You can track known upstream issues which will be fixed in 3.10 here: <a href="https://github.com/liske/needrestart/milestone/15" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/m</span><span class="invisible">ilestone/15</span></a></p><p><a href="https://ibh.social/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> <a href="https://ibh.social/tags/Trixie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trixie</span></a> <a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
Thomas Liske<p><span class="h-card" translate="no"><a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jpmens</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@antondollmaier" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>antondollmaier</span></a></span> </p><p>You could add -k to only check the kernel, so needrestart did not need to scan all the processes.</p><p>(<a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> -vkp shows the found kernel files and their version string)</p>
Habr<p>Linux LPE через Needrestart (CVE-2024-48990)</p><p>19 ноября 2024 года компания Qualys публично раскрыла информацию о пяти уязвимостях в утилите Needrestart . Эти уязвимости касаются локальной эскалации привилегий( LPE ) и были найдены в бинарном файле. CVE-2024-48990 затрагивает версии Needrestart до 3.8 . В Ubuntu она применяется по умолчанию с версии 21.04 . Также проблема актуальна для Debian , Fedora и других дистрибутивов Linux . LPE ( Local Privilege Escalation ) позволяет злоумышленнику повысить свои привилегии в системе, получив доступ к действиям, доступным только администраторам (например, root -доступ). Это может использоваться для установки вредоносного ПО, управления системой, обхода ограничений безопасности и доступа к конфиденциальным данным. Основная цель — получить полный контроль над системой. Уязвимость имеет оценку в 7.8 баллов по CVSS .</p><p><a href="https://habr.com/ru/articles/866582/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/866582/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://zhub.link/tags/lpe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lpe</span></a> <a href="https://zhub.link/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> <a href="https://zhub.link/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> #2024</p>
Julien M.<a class="hashtag" href="https://pleroma.autogeree.net/tag/infosec" rel="nofollow noopener" target="_blank">#InfoSec</a> <a class="hashtag" href="https://pleroma.autogeree.net/tag/needrestart" rel="nofollow noopener" target="_blank">#needrestart</a> <a class="hashtag" href="https://pleroma.autogeree.net/tag/qualys" rel="nofollow noopener" target="_blank">#Qualys</a> <a class="hashtag" href="https://pleroma.autogeree.net/tag/securityadvisory" rel="nofollow noopener" target="_blank">#SecurityAdvisory</a><br><blockquote><strong>Local Privilege Escalations in needrestart</strong><br>We discovered three fundamental vulnerabilities in needrestart (three<br>LPEs, Local Privilege Escalations, from any unprivileged user to full<br>root), which are exploitable without user interaction on <a class="hashtag" href="https://pleroma.autogeree.net/tag/ubuntu" rel="nofollow noopener" target="_blank">#Ubuntu</a> Server<br>(through unattended-upgrades)<br></blockquote><a href="https://www.openwall.com/lists/oss-security/2024/11/19/1" rel="nofollow noopener" target="_blank">https://www.openwall.com/lists/oss-security/2024/11/19/1</a>
Habr<p>Security Week 2448: десятилетняя уязвимость в утилите needrestart</p><p>На прошлой неделе специалисты компании Qualys сообщили об обнаружении достаточно серьезной уязвимости в утилите needrestart . Данная утилита используется, в частности, в ОС Ubuntu Server начиная с версии 21.04 и запускается после установки и обновления программных пакетов. Ее задача — определить, что система или отдельные программы должны быть перезапущены в результате произведенных в системе изменений и инициировать перезапуск. Ошибки в коде программы обеспечивают сразу несколько способов выполнения произвольного кода. В результате получается надежное средство повышения привилегий обычного пользователя до root, так как сама needrestart выполняется с привилегиями суперпользователя. Формально в утилите были зафиксированы пять разных уязвимостей. Часть из них получила достаточно высокий рейтинг по шкале CVSS — 7,8 балла. Все уязвимости закрыты в версии needrestart 3.8, причем существовали они как минимум начиная с версии 0.8, выпущенной в 2014 году. Именно тогда в утилиту была добавлена возможность отслеживания интерпретаторов языков высокого уровня. Если сам интерпретатор был обновлен, вполне логично, что необходимо перезапустить программы на этом языке программирования. Отсутствие необходимых проверок позволяет в теории запустить не настоящий, установленный в системе, интерпретатор кода на языке Python или Ruby, а произвольную программу, путь к которой может задать атакующий.</p><p><a href="https://habr.com/ru/companies/kaspersky/articles/861020/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/kaspersk</span><span class="invisible">y/articles/861020/</span></a></p><p><a href="https://zhub.link/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ubuntu</span></a> <a href="https://zhub.link/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a></p>
Thomas Liske<p>There is a regression that reports false positives for processes running in a chroot or some mountns (read: container). This only happens if the process binary does not exist in the root mountns.</p><p>This is tracked upstream in issue #317 <a href="https://github.com/liske/needrestart/issues/317#issuecomment-2495949384" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/i</span><span class="invisible">ssues/317#issuecomment-2495949384</span></a></p><p>A patch proposal is already available and awaits feedback and (security) review. This should be finished in the next few days.</p><p>Sorry any inconvenience caused by this regression 😟 </p><p><a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/UbuntuServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UbuntuServer</span></a>: Root-Lücke durch <a href="https://social.tchncs.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a>-Komponente | Security <a href="https://www.heise.de/news/Ubuntu-Server-Root-Luecke-durch-needrestart-Komponente-10083933.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Ubuntu-Server-Ro</span><span class="invisible">ot-Luecke-durch-needrestart-Komponente-10083933.html</span></a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patchday</span></a> <a href="https://social.tchncs.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> :tux: <a href="https://social.tchncs.de/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ubuntu</span></a> :ubuntu:</p>
Felipe Molina 🔵<p>Ok, PoC and post of Qualys <a href="https://infosec.exchange/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2024-48990 <a href="https://blog.felipemolina.com/posts/needrestart/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.felipemolina.com/posts/ne</span><span class="invisible">edrestart/</span></a></p>
Felipe Molina 🔵<p>Heh, got the poc for <br><span class="h-card" translate="no"><a href="https://bird.makeup/users/qualys" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>qualys</span></a></span> <a href="https://infosec.exchange/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> CVE-2024-48990 in a couple of hours 😄</p>
Ricardo Martín :bsdhead:<p>Upgrade to version 3.8 or later of needrestart *now*</p><p>"We discovered three fundamental vulnerabilities in needrestart (three LPEs, Local Privilege Escalations, from any unprivileged user to full root), which are exploitable without user interaction on Ubuntu Server"</p><p><a href="https://www.qualys.com/2024/11/19/needrestart/needrestart.txt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">qualys.com/2024/11/19/needrest</span><span class="invisible">art/needrestart.txt</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.bsd.cafe/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ubuntu</span></a> <a href="https://mastodon.bsd.cafe/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a></p>
Christian Schmidt<p><a href="https://norden.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastodon</span></a> Instanzbetreiber aufgepasst!</p><p>»Seit <a href="https://norden.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ubuntu</span></a> 21.04 bringen Ubuntu-Server standardmäßig eine installierte Komponente Namens "<a href="https://norden.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a>" mit. IT-Sicherheitsforscher haben darin nun fünf Sicherheitslücken aufgespürt, durch die Angreifer ihre Rechte auf "root"-Zugriff ausweiten können.«<br><a href="https://www.heise.de/news/Ubuntu-Server-Root-Luecke-durch-needrestart-Komponente-10083933.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Ubuntu-Server-Ro</span><span class="invisible">ot-Luecke-durch-needrestart-Komponente-10083933.html</span></a></p>
Thomas Liske<p>Besides the security fixes the <a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> 3.8 release contains a new feature and a bunch of bug fixes.</p><p>@cjwatson@debian.org has contributed support for <a href="https://ibh.social/tags/Incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Incus</span></a> based containers.</p><p>@lelutin contributed a fix to make the OpenMetrics output <a href="https://ibh.social/tags/prometheus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>prometheus</span></a> compatible.</p><p>@onyxmaster has provided fixes for nasty bugs.</p><p><a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
Thomas Liske<p><a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> 3.8 was released:<br><a href="https://github.com/liske/needrestart/releases/tag/v3.8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/r</span><span class="invisible">eleases/tag/v3.8</span></a></p><p>This coordinated release contains 4 security fixes for local privilege escalations found by the Qualys Security Advisory team: <a href="https://www.qualys.com/2024/11/19/needrestart/needrestart.txt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">qualys.com/2024/11/19/needrest</span><span class="invisible">art/needrestart.txt</span></a></p><p>An local attacker can trick needrestart to execute arbitrary code as root. Debian and Ubuntu already shipping security updates.</p><p>You should apply these updates in a timely manner. These issues can be mitigated by disabling the interpreter heuristic.</p><p><a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://ibh.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://ibh.social/tags/qualys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>qualys</span></a> <a href="https://ibh.social/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> <a href="https://ibh.social/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ubuntu</span></a></p>
Thomas Liske<p>After more than two years , I have finally managed to release needrestart 3.7! 🥳 </p><p><a href="https://github.com/liske/needrestart/releases/tag/v3.7" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/r</span><span class="invisible">eleases/tag/v3.7</span></a></p><p>I am always overwhelmed by the many contributions to this project - did I mention that it is written in perl5? Many thanks to all previous and first-time contributors, without whom it would not be possible to maintain this project! 🤝 🙏 </p><p><a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>needrestart</span></a> <a href="https://ibh.social/tags/perl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>perl</span></a> <a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
MsDropbear 🌈♀:arch: :plasma:<p>Just did a small batch of <a href="https://fosstodon.org/tags/ArchLinux" class="mention hashtag" rel="tag">#<span>ArchLinux</span></a> updates, a couple of days after the bigger last lot that included lovely <a href="https://fosstodon.org/tags/KDEPlasma" class="mention hashtag" rel="tag">#<span>KDEPlasma</span></a> 5.27.0, logged out & toggled to tty2, used <a href="https://fosstodon.org/tags/needrestart" class="mention hashtag" rel="tag">#<span>needrestart</span></a> to restart the various services sans-reboot, toggled back to <a href="https://fosstodon.org/tags/SDDM" class="mention hashtag" rel="tag">#<span>SDDM</span></a> & logged back in, then before relaunching my <a href="https://fosstodon.org/tags/FirefoxNightly" class="mention hashtag" rel="tag">#<span>FirefoxNightly</span></a>, <a href="https://fosstodon.org/tags/Goodvibes" class="mention hashtag" rel="tag">#<span>Goodvibes</span></a> & <a href="https://fosstodon.org/tags/Thunderbird" class="mention hashtag" rel="tag">#<span>Thunderbird</span></a> [all in <a href="https://fosstodon.org/tags/Firejail" class="mention hashtag" rel="tag">#<span>Firejail</span></a> ofc] i took a moment to gaze contemplatively at my <a href="https://fosstodon.org/tags/Wayland" class="mention hashtag" rel="tag">#<span>Wayland</span></a> desktop, & reflected for the umpteenth time; how GREAT is <a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="tag">#<span>FOSS</span></a>!! 🎉 </p><p><a href="https://fosstodon.org/tags/PlasmaParadise" class="mention hashtag" rel="tag">#<span>PlasmaParadise</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload