Security risk for YNH? (openwall.com)

Could YNH be affected?
https://www.openwall.com/lists/oss-security/2024/11/19/1

needrestart is not present on a Debian install. This is more oriented towards an Ubuntu distribution that natively installs this package.

To be more precise, needrestart is not installed by default but it can be installed on Debian/YunoHost with apt.

I don’t always understand English well. What’s the problem? Can the attack only be executed locally, or can it be executed by an outside attacker? If it’s the first case, I don’t think it’s a big risk if there are only trusted users. In the second case, that’s not the same.
I use needrestart on YunoHost. I’ve just uninstalled it, but I’m waiting for your answer on whether I can install it again.

Well, I’m clearly not an expert so I’m not able to explain further to you. And this is mainly why I asked here…

The issues are fixed in needrestart version 3.6-4+deb12u2 (which is already available for YunoHost) as you can see in the Debian security tracker. A click on any of the resolved issues shows more info.

1 Like
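
Added example, not part of any post in this thread: a shell check that compares the locally installed needrestart package against the fixed version quoted above, using dpkg's own version ordering. The function names are hypothetical, and the threshold `3.6-4+deb12u2` is assumed to apply only to a Debian 12 based system such as the YunoHost install discussed here.

```shell
#!/bin/sh
# Fixed version quoted in the thread; assumed valid for Debian 12 based hosts only.
FIXED_VERSION='3.6-4+deb12u2'

# classify_needrestart VERSION
# Prints "not-installed", "vulnerable" or "fixed" for an installed version
# string. An empty string means the package is absent.
classify_needrestart() {
    installed=$1
    if [ -z "$installed" ]; then
        echo "not-installed"
    elif dpkg --compare-versions "$installed" ge "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Prints the version of needrestart only if dpkg reports it as fully
# installed; prints nothing if it is absent, removed or half-configured.
installed_needrestart_version() {
    dpkg-query -W -f='${db:Status-Status} ${Version}\n' needrestart 2>/dev/null |
        awk '$1 == "installed" { print $2 }'
}

# Returns 0 when the host is not exposed (package absent or already fixed).
check_local_host() {
    status=$(classify_needrestart "$(installed_needrestart_version)")
    echo "needrestart on this host: $status"
    [ "$status" != "vulnerable" ]
}

# Constructed sample versions to show the ordering, then the real host.
for v in '3.6-4' '3.6-4+deb12u1' '3.6-4+deb12u2'; do
    echo "$v -> $(classify_needrestart "$v")"
done
if check_local_host; then
    echo "No action needed."
else
    echo "Upgrade with: apt update && apt install --only-upgrade needrestart"
fi
```
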