USN-8195-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-8195-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8195-2.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-8195-2

Related

UBUNTU-CVE-2026-41651

Published

2026-04-27T11:28:19Z

Modified

2026-04-28T16:29:17.536260820Z

Summary

packagekit vulnerability

Details

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary packages as root, possibly resulting in privilege escalation.

References

Affected packages

Ubuntu:26.04 / packagekit

Package

Name: packagekit
Purl: pkg:deb/ubuntu/packagekit@1.3.4-3ubuntu1?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.4-3ubuntu1

Affected versions

1.*

1.3.1-1

1.3.2-1

1.3.3-1

1.3.4-1

1.3.4-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gir1.2-packagekitglib-1.0",
            "binary_version": "1.3.4-3ubuntu1"
        },
        {
            "binary_name": "gstreamer1.0-packagekit",
            "binary_version": "1.3.4-3ubuntu1"
        },
        {
            "binary_name": "libpackagekit-glib2-18",
            "binary_version": "1.3.4-3ubuntu1"
        },
        {
            "binary_name": "packagekit",
            "binary_version": "1.3.4-3ubuntu1"
        },
        {
            "binary_name": "packagekit-command-not-found",
            "binary_version": "1.3.4-3ubuntu1"
        },
        {
            "binary_name": "packagekit-docs",
            "binary_version": "1.3.4-3ubuntu1"
        },
        {
            "binary_name": "packagekit-gtk3-module",
            "binary_version": "1.3.4-3ubuntu1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8195-2.json"

cves_map

{
    "cves": [],
    "ecosystem": "Ubuntu:26.04"
}