Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.

The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.

Needrestart is a utility commonly used on Linux, including on Ubuntu Server, to identify services that require a restart after package updates, ensuring that those services run the most up-to-date versions of shared libraries.

...

Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited.
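A way to audit the configuration mitigation described above, as an added example that is not part of the quoted article or the needrestart project. It assumes the setting is the Perl assignment `$nrconf{interpscan} = 0;` in `/etc/needrestart/needrestart.conf`; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether needrestart's interpreter scanning is disabled.
# Assumptions: the key is $nrconf{interpscan}, the usual path is
# /etc/needrestart/needrestart.conf, and an unset key means the packaged
# default applies (assumed here to be: scanning enabled).

# write_sample: emit a constructed config with a commented-out line and
# two active assignments, to show which one the check honours.
write_sample() {
    printf '%s\n' \
        '# constructed sample, not a real system file' \
        '#$nrconf{interpscan} = 0;' \
        '$nrconf{interpscan} = 1;' \
        '    $nrconf{interpscan}=0;   # mitigation applied'
}

# interpscan_state FILE: print disabled | enabled | unset | unreadable
interpscan_state() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    # Only lines that START with the assignment count, so '#'-commented
    # lines are ignored. The file is Perl, so the last assignment wins.
    value=$(sed -n \
        's/^[[:space:]]*\$nrconf{interpscan}[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' \
        "$conf" | tail -n 1 | tr -d "\"'")
    case $value in
        '') echo "unset" ;;      # mitigation not applied
        0)  echo "disabled" ;;   # mitigation in place
        *)  echo "enabled" ;;    # explicitly turned on
    esac
}

# Stand-alone use: sh check.sh /etc/needrestart/needrestart.conf
[ "$#" -eq 0 ] || interpscan_state "$1"
```

A result of `unset` or `enabled` on a host that has not yet been upgraded means the configuration mitigation is not in effect.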

cyborganism@lemmy.ca 2 points 1 month ago

Hmmm. Is Debian affected by this?

this post was submitted on 21 Nov 2024