Home / mailings [USN-8195-3] PackageKit vulnerability
Posted on 29 April 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8195-3
April 29, 2026
packagekit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PackageKit could be made to install packages as the administrator.
Software Description:
- packagekit: Provides a package management service
Details:
USN-8195-1 fixed a vulnerability in PackageKit. This update provides
the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PackageKit incorrectly handled certain transactions.
A local attacker could use this issue to install arbitrary packages as
root, possibly resulting in privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
packagekit 1.1.13-2ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
packagekit 1.1.9-1ubuntu2.18.04.6+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
packagekit 0.8.17-4ubuntu6~gcc5.4ubuntu1.5+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8195-3
https://ubuntu.com/security/notices/USN-8195-2
https://ubuntu.com/security/notices/USN-8195-1
CVE-2026-41651
--===============5253224840739637754==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
