Multiple decade-old vulnerabilities in the needrestart package, installed by default in Ubuntu Server since version 21.04, could allow local attackers to escalate privileges to root without user interaction. Disclosed by Qualys Threat Research Unit, the flaws—present since version 0.8 (2014)—affect Debian, Ubuntu, and other Linux distributions. Exploits involve crafting environment variables (PYTHONPATH, RUBYLIB) or leveraging issues in the libmodule-scandeps-perl package to execute arbitrary code or shell commands during package installations or upgrades, compromising system security. Ubuntu has patched these issues in version 3.8 and recommends immediate updates or disabling interpreter scanners as a temporary measure.