skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Security Vulnerabilities Found in Ubuntu's Needrestart Package

/ 1 min read

Decades-old vulnerabilities in Ubuntu’s needrestart package pose serious security risks. Multiple security flaws have been discovered in the needrestart utility, which is included by default in Ubuntu Server since version 21.04. Identified by the Qualys Threat Research Unit, these vulnerabilities allow local attackers to gain root privileges without user interaction, making them easy to exploit. The issues, present since 2014, include several critical vulnerabilities (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-11003, and CVE-2024-10224) that could lead to arbitrary code execution. Ubuntu has released a fix in version 3.8 and recommends users apply the updates promptly or temporarily disable interpreter scanners in the configuration file as a mitigation measure. Failure to address these vulnerabilities could compromise system integrity and security.