Liske

**Name of the Vulnerable Software and Affected Versions** needrestart versions prior to 3.8 **Description** The issue is related to needrestart passing unsanitized data to a library, which expects safe input. This could allow a local attacker to execute arbitrary shell commands with root privileges. **Recommendations** For versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `needrestart` utility until a patch is applied. Avoid using the `needrestart` utility with unsanitized input data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** needrestart versions prior to 3.8 **Description** The issue is related to an uncontrolled search path element in the needrestart utility. Exploitation of this issue may allow an attacker to execute arbitrary code in the context of the root user by manipulating the `RUBYLIB` environment variable. This can be achieved by tricking needrestart into running the Ruby interpreter with an attacker-controlled `RUBYLIB` variable. **Recommendations** For versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `RUBYLIB` environment variable to minimize the risk of exploitation.