Security researchers have discovered multiple critical vulnerabilities in Ubuntu's needrestart package that could allow attackers to gain complete control of affected systems. The flaws, which date back to 2014, impact both desktop and server versions of Ubuntu since version 21.04.
The Qualys Threat Research Unit identified five distinct security holes in needrestart, a utility that helps manage system restarts after software updates. These vulnerabilities could enable a local attacker to elevate their privileges to root level - effectively giving them full administrative access to the system.
The most severe issues involve the Python and Ruby programming language interpreters. An attacker could manipulate specific environment variables (PYTHONPATH and RUBYLIB) to execute malicious code when needrestart runs. Another vulnerability allows attackers to exploit a race condition to run counterfeit Python interpreters.
Two additional flaws were found in the related libmodule-scandeps-perl package, which needrestart uses. These could be chained together to execute arbitrary shell commands with root privileges during package installations or upgrades.
"An attacker exploiting these vulnerabilities could gain root access, compromising system integrity and security," explained Saeed Abbasi from Qualys Threat Research Unit.
The affected Ubuntu versions include:
- Ubuntu 22.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 24.10
Users can check if their systems are vulnerable by running: apt list --installed | grep "^(needrestart|libmodule-scandeps-perl)"
Canonical has released patches addressing these security issues. Users are strongly advised to update their systems immediately using: sudo apt update && sudo apt install --only-upgrade needrestart libmodule-scandeps-perl
As a temporary workaround, users can disable interpreter scanners in the needrestart configuration file until updates are applied.
The discovery highlights the importance of regular security updates, as these vulnerabilities remained undetected for nearly a decade despite being present in software used by millions of Ubuntu systems worldwide.