Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Ubuntu Advantage Tools Important APT Issues Vulnerabilities USN-8555-1

ubuntu
Calendar Grey July 16, 2026
Scroller Ubuntu Esm H88
Several critical security issues fixed in Ubuntu Advantage Tools, affecting multiple Ubuntu LTS versions including APT exposure and code execution concerns.
Several security issues were fixed in Ubuntu Advantage Tools.

Summary

Several security issues were fixed in Ubuntu Advantage Tools.

Software Description:

- ubuntu-advantage-tools: Management tools for Ubuntu Pro

Details:

Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer

token in command-line arguments when validating APT credentials. A local

attacker could possibly use this issue to obtain sensitive information

and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)

Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly

validate data received from the contract server when writing APT source

files. An attacker could possibly use this issue to inject arbitrary APT

configuration and execute arbitrary code. (CVE-2026-11386)

Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not

properly handle symbolic links when collecting diagnostic logs. A local

attacker could possibly use this issue to obtain sensitive information

from files owned by the administrator. This issue only affecte...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  ubuntu-advantage-pro            37.2ubuntu0.1
  ubuntu-advantage-tools          37.2ubuntu0.1
  ubuntu-pro-auto-attach          37.2ubuntu0.1
  ubuntu-pro-client               37.2ubuntu0.1
  ubuntu-pro-client-l10n          37.2ubuntu0.1

Ubuntu 24.04 LTS
  ubuntu-advantage-pro            37.2ubuntu~24.04.1
  ubuntu-advantage-tools          37.2ubuntu~24.04.1
  ubuntu-pro-auto-attach          37.2ubuntu~24.04.1
  ubuntu-pro-client               37.2ubuntu~24.04.1
  ubuntu-pro-client-l10n          37.2ubuntu~24.04.1

Ubuntu 22.04 LTS
  ubuntu-advantage-pro            37.2ubuntu~22.04.1
  ubuntu-advantage-tools          37.2ubuntu~22.04.1
  ubuntu-pro-auto-attach          37.2ubuntu~22.04.1
  ubuntu-pro-client               37.2ubuntu~22.04.1
  ubuntu-pro-client-l10n          37.2ubuntu~22.04.1

Ubuntu 20.04 LTS
  ubuntu-advantage-pro            37.1ubuntu0~20.04.1
  ubuntu-advantage-tools          37.1ubuntu0~20.04.1
  ubuntu-pro-auto-attach          37.1ubuntu0~20.04.1
  ubuntu-pro-client               37.1ubuntu0~20.04.1
  ubuntu-pro-client-l10n          37.1ubuntu0~20.04.1

Ubuntu 18.04 LTS
  ubuntu-advantage-pro            37.1ubuntu0~18.04.1
  ubuntu-advantage-tools          37.1ubuntu0~18.04.1
  ubuntu-pro-auto-attach          37.1ubuntu0~18.04.1
  ubuntu-pro-client               37.1ubuntu0~18.04.1
  ubuntu-pro-client-l10n          37.1ubuntu0~18.04.1

Ubuntu 16.04 LTS
  ubuntu-advantage-pro            37.1ubuntu0~16.04.1
  ubuntu-advantage-tools          37.1ubuntu0~16.04.1
  ubuntu-pro-auto-attach          37.1ubuntu0~16.04.1
  ubuntu-pro-client               37.1ubuntu0~16.04.1
  ubuntu-pro-client-l10n          37.1ubuntu0~16.04.1

Ubuntu 14.04 LTS
  ubuntu-advantage-tools          19.7ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8555-1

CVE-2026-11386, CVE-2026-12391, CVE-2026-9494

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8555-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.