Home / mailingsPDF  

[USN-8555-1] Ubuntu Advantage Tools (pro client) vulnerabilities

Posted on 16 July 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8555-1
July 16, 2026

ubuntu-advantage-tools vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ubuntu Advantage Tools.

Software Description:
- ubuntu-advantage-tools: Management tools for Ubuntu Pro

Details:

Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer
token in command-line arguments when validating APT credentials. A local
attacker could possibly use this issue to obtain sensitive information
and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)

Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly
validate data received from the contract server when writing APT source
files. An attacker could possibly use this issue to inject arbitrary APT
configuration and execute arbitrary code. (CVE-2026-11386)

Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not
properly handle symbolic links when collecting diagnostic logs. A local
attacker could possibly use this issue to obtain sensitive information
from files owned by the administrator. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
ubuntu-advantage-pro 37.2ubuntu0.1
ubuntu-advantage-tools 37.2ubuntu0.1
ubuntu-pro-auto-attach 37.2ubuntu0.1
ubuntu-pro-client 37.2ubuntu0.1
ubuntu-pro-client-l10n 37.2ubuntu0.1

Ubuntu 24.04 LTS
ubuntu-advantage-pro 37.2ubuntu~24.04.1
ubuntu-advantage-tools 37.2ubuntu~24.04.1
ubuntu-pro-auto-attach 37.2ubuntu~24.04.1
ubuntu-pro-client 37.2ubuntu~24.04.1
ubuntu-pro-client-l10n 37.2ubuntu~24.04.1

Ubuntu 22.04 LTS
ubuntu-advantage-pro 37.2ubuntu~22.04.1
ubuntu-advantage-tools 37.2ubuntu~22.04.1
ubuntu-pro-auto-attach 37.2ubuntu~22.04.1
ubuntu-pro-client 37.2ubuntu~22.04.1
ubuntu-pro-client-l10n 37.2ubuntu~22.04.1

Ubuntu 20.04 LTS
ubuntu-advantage-pro 37.1ubuntu0~20.04.1
ubuntu-advantage-tools 37.1ubuntu0~20.04.1
ubuntu-pro-auto-attach 37.1ubuntu0~20.04.1
ubuntu-pro-client 37.1ubuntu0~20.04.1
ubuntu-pro-client-l10n 37.1ubuntu0~20.04.1

Ubuntu 18.04 LTS
ubuntu-advantage-pro 37.1ubuntu0~18.04.1
ubuntu-advantage-tools 37.1ubuntu0~18.04.1
ubuntu-pro-auto-attach 37.1ubuntu0~18.04.1
ubuntu-pro-client 37.1ubuntu0~18.04.1
ubuntu-pro-client-l10n 37.1ubuntu0~18.04.1

Ubuntu 16.04 LTS
ubuntu-advantage-pro 37.1ubuntu0~16.04.1
ubuntu-advantage-tools 37.1ubuntu0~16.04.1
ubuntu-pro-auto-attach 37.1ubuntu0~16.04.1
ubuntu-pro-client 37.1ubuntu0~16.04.1
ubuntu-pro-client-l10n 37.1ubuntu0~16.04.1

Ubuntu 14.04 LTS
ubuntu-advantage-tools 19.7ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8555-1
CVE-2026-11386, CVE-2026-12391, CVE-2026-9494

Package Information:
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/37.2ubuntu0.1
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/37.2ubuntu~24.04.1
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/37.2ubuntu~22.04.1
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/37.1ubuntu0~20.04.1
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/37.1ubuntu0~18.04.1
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/37.1ubuntu0~16.04.1
https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/19.7ubuntu0.1

--===============7373575569850208700==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP