Canonical, the company behind Ubuntu, has announced that its security team has released updates that fix vulnerabilities in the needrestart and libmodule-scandeps-perl packages found by Qualys.
These packages have been installed by default in Ubuntu since Ubuntu 21.04, so it's important to install these updates.
Providing background on these vulnerabilities, Canonical says they allow Local Privilege Escalation (LPE), which means that a local attacker can use them to gain root privileges and do anything they like to the system. Explaining the specifics, the Ubuntu maker says:
"In CVE-2024-48991 a local attacker can control the Python interpreter by winning a time-of-check time-of-use race condition against needrestart.
In CVE-2024-10224, Qualys discovered that attacker-controlled input could cause the Module::ScanDeps Perl module to run arbitrary shell commands by open()ing a “pesky pipe” (such as by passing “commands|” as a filename) or by passing arbitrary strings to eval(). On its own, this is not enough for local privilege escalation. However, in CVE-2024-11003 needrestart passes attacker-controlled input (filenames) to Module::ScanDeps and triggers CVE-2024-10224 with root privilege. The fix for CVE-2024-11003 removes needrestart’s dependency on Module::ScanDeps."
The impacted versions are Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10, for both server and desktop installations. Previous releases may also be affected if you've installed the needrestart package.
To check if you are impacted, you can run the following command:
apt list --installed | grep "^\(needrestart\|libmodule-scandeps-perl\)"
If you have needrestart below 3.5-5ubuntu2.1 on 22.04, 3.6-7ubuntu4.1 on 24.04, or 3.6-8ubuntu4 on 24.10, you need to update the package. To upgrade these packages specifically, use the following command:
sudo apt update && sudo apt install --only-upgrade needrestart libmodule-scandeps-perl
It should go without saying, but if you're using an internet-connected computer, it's important to regularly install available updates for your computer so that attackers cannot exploit vulnerabilities.
Source: Ubuntu