|
|
Log in / Subscribe / Register

Ubuntu alert USN-8212-1 (authd)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8212-1] authd vulnerability


Date:
              Mon, 27 Apr 2026 17:21:24 +0000


Message-ID:
              <E1wHPe8-0001Cb-CP@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8212-1
April 27, 2026

authd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:


Summary:

authd could be made to escalate privileges.

Software Description:

Details:

It was discovered that authd incorrectly assigned the primary group ID to
users under certain conditions. A local attacker could possibly use this
issue to achieve privilege escalation, or gain unauthorized access to files
belonging to other users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

After a standard system update you need to restart authd to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8212-1
  CVE-2026-6970




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnvlF0ACgkQcpJm3tlz
hgHGxxAAusOPfIXs1ijm1KQzbET56Ea6zyWpnyxjp36Xt1JS5/JregLWuiK/q+sp
3KBCMc/JXM1Vjh4e94XSjVumYoerhi9MKyQwaWU21yEK2Lfa/FJ7htqQG9smTt2S
Z+Mydju13S6fJAphYDTpM/QjCbsl4Ec89MelIgkAKZiL3g7K3kz/Wmu4BDxbnLTl
8JqCta6idjBcEXkd5LyX8lR10Zowo+7r9UkdRbzYMQ3Px/vi7qO9470QRvEDZ9dh
cxcYBX2xYqwg0jToBfiU2qzNUybfAnLgTcR/OaWk+LTZIvZRUb3Bpke4buKwf04Q
NUK/ccWVi6ON70xar0FAG6Byyu+EWMQY5byl2BSnGXzzTcjnOl6sD+NfavTPkGUb
vyTfT/QytjntoLtyyvcX4de/RK7Qx/DOwfcvro35XSAuOHPxNCQWN2YUG1t23luH
ezRoUCjh/33F31ovT0Vd9NHHLsUSXXTneD92ObvWe5BB5eWXDZFrjMaaRxqN8Xln
5YnDmpphEF1jY54AIIp9epotXCx8nd/M6ElDKjzdOMtprZiFR/kBCLou2xYZDWVb
lHuLGUlWoPEguCJIvj7tn7mC1u6tt8S7lFHhe/8Ald2B4SD9IBi3+QWFBMv6YpbS
gwlLmgLDKKika3JP5UKYG6TvHBq8CniXteZ4mU9Y1qzd/ZYa1nA=
=jxt0
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds