========================================================================== Ubuntu Security Notice USN-8195-3 April 29, 2026
packagekit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PackageKit could be made to install packages as the administrator.
Software Description:
- packagekit: Provides a package management service
Details:
USN-8195-1 fixed a vulnerability in PackageKit. This update provides
the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PackageKit incorrectly handled certain transactions.
A local attacker could use this issue to install arbitrary packages as
root, possibly resulting in privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
packagekit 1.1.13-2ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
packagekit 1.1.9-1ubuntu2.18.04.6+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
packagekit 0.8.17-4ubuntu6~gcc5.4ubuntu1.5+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8195-3
https://ubuntu.com/security/notices/USN-8195-2
https://ubuntu.com/security/notices/USN-8195-1
CVE-2026-41651
signature.asc
Description: OpenPGP digital signature
