Ubuntu alert USN-8195-3 (packagekit)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8195-3] PackageKit vulnerability | |
| Date: | Wed, 29 Apr 2026 10:56:38 +0000 | |
| Message-ID: | <E1wI2as-0007n2-CS@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8195-3 April 29, 2026 packagekit vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: PackageKit could be made to install packages as the administrator. Software Description: - packagekit: Provides a package management service Details: USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary packages as root, possibly resulting in privilege escalation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS packagekit 1.1.13-2ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS packagekit 1.1.9-1ubuntu2.18.04.6+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS packagekit 0.8.17-4ubuntu6~gcc5.4ubuntu1.5+esm1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8195-3 https://ubuntu.com/security/notices/USN-8195-2 https://ubuntu.com/security/notices/USN-8195-1 CVE-2026-41651
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnx45IACgkQcpJm3tlz hgHafRAA1BnbtbuWCbQUR8BKGYf4+wPf8nPToY0lxiIoJDwMh4SFXWKEjK2NvjNa etjNI56mt9780ouA2YIDW6/3N6//jaXZZWdK1XAuVJwbRYIbqPuk59iuB4kRfMmD tnHNVhtoZBNlFqjGw4K1+QxXblHZq7xq2P501oPXLaFIDsz9xG+i90OjG5gQAXFC sebEQM9ZMthKt449W6Y9DnEGaqt/ccCLFSp0D5fuqzIawjq5a/AfSKo+QlYp7aiI LVgrXOw6hrc6m3LdlM/eTycErAw3JLI7V8BocQ5NreGaILCJHS5WE+2B9NxWHGwp ++7IxITICtLNh0X9eXOHsvf3qUJrForYDohal8F9VL03NJUI6CA62WhUfCtdrtxt P8pXcnE3bxQTCzkfgJb/IWu6ZY+1okMehXJjgVrnDomLBbxtVbpVIbpc+DiH6ayl 1WNI8nVWxDlTjiaa4MM/S1M9DNOQueIN7Sum/v7UXr/CR/E6kXprJOoX88pjfraE AZgQ6YdZy7WwHlyhM8R+QrjRpmaVumR7bU3EiPP7I88EEJGp6n62n8hLp4fyR3wz nDew1zR4lROFu3XJ/mxX6wxOAkg5ylck8Q2HS7b/mu5Tdco1NMMxQIqbQEIa9PE9 J929LPR2y57ZRhcylw8/O76/1hC6S0bUDwxtrnX9l9kxoBEy+rQ= =yGyG -----END PGP SIGNATURE-----