Packages
- ubuntu-advantage-tools - Management tools for Ubuntu Pro
Details
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer
token in command-line arguments when validating APT credentials. A local
attacker could possibly use this issue to obtain sensitive information
and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)
Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly
validate data received from the contract server when writing APT source
files. An attacker could possibly use this issue to inject arbitrary APT
configuration and execute arbitrary code. (CVE-2026-11386)
Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not
properly handle symbolic links when collecting diagnostic logs. A local
attacker could possibly use this issue to obtain sensitive information
from files owned by the administrator. This issue only affected Ubuntu
16.04 LTS,...
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer
token in command-line arguments when validating APT credentials. A local
attacker could possibly use this issue to obtain sensitive information
and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)
Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly
validate data received from the contract server when writing APT source
files. An attacker could possibly use this issue to inject arbitrary APT
configuration and execute arbitrary code. (CVE-2026-11386)
Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not
properly handle symbolic links when collecting diagnostic logs. A local
attacker could possibly use this issue to obtain sensitive information
from files owned by the administrator. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.