|
|
Log in / Subscribe / Register

Ubuntu alert USN-8195-1 (packagekit)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8195-1] PackageKit vulnerability


Date:
              Wed, 22 Apr 2026 13:18:08 +0000


Message-ID:
              <E1wFXSy-0003AD-Hj@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8195-1
April 22, 2026

packagekit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

PackageKit could be made to install packages as the administrator.

Software Description:
- packagekit: Provides a package management service

Details:

It was discovered that PackageKit incorrectly handled certain transactions.
A local attacker could use this issue to install arbitrary packages as
root, possibly resulting in privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  packagekit                      1.3.1-1ubuntu1.1

Ubuntu 24.04 LTS
  packagekit                      1.2.8-2ubuntu1.5

Ubuntu 22.04 LTS
  packagekit                      1.2.5-2ubuntu3.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8195-1
  https://launchpad.net/bugs/2149908

Package Information:
  https://launchpad.net/ubuntu/+source/packagekit/1.3.1-1ub...
  https://launchpad.net/ubuntu/+source/packagekit/1.2.8-2ub...
  https://launchpad.net/ubuntu/+source/packagekit/1.2.5-2ub...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnoyj8ACgkQcpJm3tlz
hgHznxAAj8jjdFG/vuxWBlA2UsyYFgOe2W1IEesnJjLPoa32dXPzn649uz2Zgqzv
meKB/PTtT+1T+3lb8npr8d61A9K4hSGHxpr4aV/rVS3gsOvp2aKFT1mBqSZFbLuC
81knBVmUT4LAPMZjFdPU46qOhKpKeV/Q5V/DWOAVstlaEM2MUrzN32IZEt6iWb3s
aswR3u+vjyaTPTm5KAqCy8kNp8wtf51rxDy6x+RewstYOBJrar20MzWuTOlNmPpe
eOyoydpGtWzjIKemj0f6CLE1nlmV2veGEc/ILSLpn/8IuF01M7+E8i89bCMGkHSP
G36W5nJCMSk0G/mk4oSCm+UCpj8CsCnb4mrDSC/zQNnc+4S8ZuGz0/ehbshl1GXY
XQtvWrbDezPrXi0KMGxWRW3pUXYi8himO0smpB7mcWkDhvKmo9uEUjQJZm63/hDH
YfdfdqDEwwrbxyqxsfR5nE0UERv9EPXH6esCs85la9YkHqzA7uWX0B9raCKNg6gJ
db/SMXphb1bjvFIQKtMdzNDbknuqV0dRQWPoyuaNBa5jOaNLVDBFBHL7NvKswseT
MQ+WyCky08Zc2AUl6mHNI/GjbnChMg/aQXB8eF3heh4J7SQFTrDrdm6ANko3DLzJ
jreHbxnsfC9nTSs5UkHRq4mT+gkhFNC6KItVxPsuxTeD3rdkY14=
=RiRh
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds