USN-8555-1

Source
https://ubuntu.com/security/notices/USN-8555-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-8555-1
Upstream
Related
Published
2026-07-16T12:59:08Z
Modified
2026-07-16T21:16:21.242979618Z
Summary
ubuntu-advantage-tools vulnerabilities
Details

Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)

Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly validate data received from the contract server when writing APT source files. An attacker could possibly use this issue to inject arbitrary APT configuration and execute arbitrary code. (CVE-2026-11386)

Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not properly handle symbolic links when collecting diagnostic logs. A local attacker could possibly use this issue to obtain sensitive information from files owned by the administrator. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)

References

Affected packages

Ubuntu:14.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
19.7ubuntu0.1

Affected versions

Other
2
10ubuntu0.*
10ubuntu0.14.04.2
10ubuntu0.14.04.3
10ubuntu0.14.04.4
19.*
19.6~ubuntu14.04.3
19.6~ubuntu14.04.4
19.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "19.7ubuntu0.1",
            "binary_name": "ubuntu-advantage-tools"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [],
    "ecosystem": "Ubuntu:14.04:LTS"
}
Ubuntu:16.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
37.1ubuntu0~16.04.1

Affected versions

Other
2
10ubuntu0.*
10ubuntu0.16.04.1
27.*
27.0~16.04.1
27.1~16.04.1
27.2.1~16.04.1
27.2.2~16.04.1
27.3~16.04.1
27.4.1~16.04.1
27.4.2~16.04.1
27.5~16.04.1
27.6~16.04.1
27.7~16.04.1
27.8~16.04.1
27.9~16.04.1
27.10.1~16.04.1
27.11.2~16.04.1
27.11.3~16.04.1
27.12~16.04.1
27.13.1~16.04.1
27.13.2~16.04.1
27.13.3~16.04.1
27.13.5~16.04.1
27.13.6~16.04.1
27.14.4~16.04
28.*
28.1~16.04
29.*
29.4~16.04
30~16.*
30~16.04
31.*
31.2~16.04
31.2.2~16.04
32.*
32.3~16.04
32.3.1~16.04
33.*
33.2~16.04
34~16.*
34~16.04
35.*
35.1ubuntu0~16.04
36ubuntu0~16.*
36ubuntu0~16.04
37.*
37.1ubuntu0~16.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "37.1ubuntu0~16.04.1",
            "binary_name": "ubuntu-advantage-pro"
        },
        {
            "binary_version": "37.1ubuntu0~16.04.1",
            "binary_name": "ubuntu-advantage-tools"
        },
        {
            "binary_version": "37.1ubuntu0~16.04.1",
            "binary_name": "ubuntu-pro-auto-attach"
        },
        {
            "binary_version": "37.1ubuntu0~16.04.1",
            "binary_name": "ubuntu-pro-client"
        },
        {
            "binary_version": "37.1ubuntu0~16.04.1",
            "binary_name": "ubuntu-pro-client-l10n"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [],
    "ecosystem": "Ubuntu:16.04:LTS"
}
Ubuntu:18.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
37.1ubuntu0~18.04.1

Affected versions

Other
10
13
14
16
17
27.*
27.0.2~18.04.1
27.1~18.04.1
27.2.1~18.04.1
27.2.2~18.04.1
27.3~18.04.1
27.4.1~18.04.1
27.4.2~18.04.1
27.5~18.04.1
27.6~18.04.1
27.7~18.04.1
27.8~18.04.1
27.9~18.04.1
27.10.1~18.04.1
27.11.2~18.04.1
27.11.3~18.04.1
27.12~18.04.1
27.13.1~18.04.1
27.13.2~18.04.1
27.13.3~18.04.1
27.13.5~18.04.1
27.13.6~18.04.1
27.14.4~18.04
28.*
28.1~18.04
29.*
29.4~18.04
30~18.*
30~18.04
31.*
31.2~18.04
31.2.2~18.04
31.2.3~18.04
32.*
32.3~18.04
32.3.1~18.04
33.*
33.2~18.04
34~18.*
34~18.04
35.*
35.1ubuntu0~18.04
36ubuntu0~18.*
36ubuntu0~18.04
37.*
37.1ubuntu0~18.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "37.1ubuntu0~18.04.1",
            "binary_name": "ubuntu-advantage-pro"
        },
        {
            "binary_version": "37.1ubuntu0~18.04.1",
            "binary_name": "ubuntu-advantage-tools"
        },
        {
            "binary_version": "37.1ubuntu0~18.04.1",
            "binary_name": "ubuntu-pro-auto-attach"
        },
        {
            "binary_version": "37.1ubuntu0~18.04.1",
            "binary_name": "ubuntu-pro-client"
        },
        {
            "binary_version": "37.1ubuntu0~18.04.1",
            "binary_name": "ubuntu-pro-client-l10n"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [],
    "ecosystem": "Ubuntu:18.04:LTS"
}
Ubuntu:20.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
37.1ubuntu0~20.04.1

Affected versions

19.*
19.5.1
20.*
20.2.1~0ubuntu1
20.3
27.*
27.0.2~20.04.1
27.1~20.04.1
27.2.1~20.04.1
27.2.2~20.04.1
27.3~20.04.1
27.4.1~20.04.1
27.4.2~20.04.1
27.5~20.04.1
27.6~20.04.1
27.7~20.04.1
27.8~20.04.1
27.9~20.04.1
27.10.1~20.04.1
27.11.2~20.04.1
27.11.3~20.04.1
27.12~20.04.1
27.13.1~20.04.1
27.13.2~20.04.1
27.13.3~20.04.1
27.13.5~20.04.1
27.13.6~20.04.1
27.14.4~20.04
28.*
28.1~20.04
29.*
29.4~20.04
30~20.*
30~20.04
31.*
31.2~20.04
31.2.2~20.04
31.2.3~20.04
32.*
32.3~20.04
32.3.1~20.04
33.*
33.2~20.04
34~20.*
34~20.04
35.*
35.1ubuntu0~20.04
36ubuntu0~20.*
36ubuntu0~20.04
37.*
37.1ubuntu0~20.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "37.1ubuntu0~20.04.1",
            "binary_name": "ubuntu-advantage-pro"
        },
        {
            "binary_version": "37.1ubuntu0~20.04.1",
            "binary_name": "ubuntu-advantage-tools"
        },
        {
            "binary_version": "37.1ubuntu0~20.04.1",
            "binary_name": "ubuntu-pro-auto-attach"
        },
        {
            "binary_version": "37.1ubuntu0~20.04.1",
            "binary_name": "ubuntu-pro-client"
        },
        {
            "binary_version": "37.1ubuntu0~20.04.1",
            "binary_name": "ubuntu-pro-client-l10n"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [],
    "ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
37.2ubuntu~22.04.1

Affected versions

27.*
27.2.2~21.10.1
27.3~21.10.1
27.4~22.04.1
27.4.1~22.04.1
27.4.2~22.04.1
27.5~22.04.1
27.6~22.04.1
27.7~22.04.1
27.8~22.04.1
27.9~22.04.1
27.10.1~22.04.1
27.11.2~22.04.1
27.11.3~22.04.1
27.12~22.04.1
27.13.1~22.04.1
27.13.2~22.04.1
27.13.3~22.04.1
27.13.5~22.04.1
27.13.6~22.04.1
27.14.4~22.04
28.*
28.1~22.04
29.*
29.4~22.04
30~22.*
30~22.04
31.*
31.2~22.04
31.2.2~22.04
31.2.3~22.04
32.*
32.3~22.04
32.3.1~22.04
33.*
33.2~22.04
34~22.*
34~22.04
35.*
35.1ubuntu0~22.04
36ubuntu0~22.*
36ubuntu0~22.04
37.*
37.1ubuntu0~22.04
37.2ubuntu~22.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "37.2ubuntu~22.04.1",
            "binary_name": "ubuntu-advantage-pro"
        },
        {
            "binary_version": "37.2ubuntu~22.04.1",
            "binary_name": "ubuntu-advantage-tools"
        },
        {
            "binary_version": "37.2ubuntu~22.04.1",
            "binary_name": "ubuntu-pro-auto-attach"
        },
        {
            "binary_version": "37.2ubuntu~22.04.1",
            "binary_name": "ubuntu-pro-client"
        },
        {
            "binary_version": "37.2ubuntu~22.04.1",
            "binary_name": "ubuntu-pro-client-l10n"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-9494"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "high"
                }
            ],
            "id": "CVE-2026-11386"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-12391"
        }
    ],
    "ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
37.2ubuntu~24.04.1

Affected versions

29.*
29.4
Other
30
30.*
30.1
31.*
31.1
31.2.2
31.2.2build1
31.2.3
32.*
32.3~24.04
32.3.1~24.04
33.*
33.2~24.04.1
34~24.*
34~24.04
35.*
35.1ubuntu0~24.04
36ubuntu0~24.*
36ubuntu0~24.04
37.*
37.1ubuntu0~24.04
37.2ubuntu~24.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "37.2ubuntu~24.04.1",
            "binary_name": "ubuntu-advantage-pro"
        },
        {
            "binary_version": "37.2ubuntu~24.04.1",
            "binary_name": "ubuntu-advantage-tools"
        },
        {
            "binary_version": "37.2ubuntu~24.04.1",
            "binary_name": "ubuntu-pro-auto-attach"
        },
        {
            "binary_version": "37.2ubuntu~24.04.1",
            "binary_name": "ubuntu-pro-client"
        },
        {
            "binary_version": "37.2ubuntu~24.04.1",
            "binary_name": "ubuntu-pro-client-l10n"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-9494"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "high"
                }
            ],
            "id": "CVE-2026-11386"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-12391"
        }
    ],
    "ecosystem": "Ubuntu:24.04:LTS"
}
Ubuntu:26.04:LTS
ubuntu-advantage-tools

Package

Name
ubuntu-advantage-tools
Purl
pkg:deb/ubuntu/ubuntu-advantage-tools?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
37.2ubuntu0.1

Affected versions

Other
37ubuntu0
37.*
37.1ubuntu0
37.2ubuntu

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "37.2ubuntu0.1",
            "binary_name": "ubuntu-advantage-pro"
        },
        {
            "binary_version": "37.2ubuntu0.1",
            "binary_name": "ubuntu-advantage-tools"
        },
        {
            "binary_version": "37.2ubuntu0.1",
            "binary_name": "ubuntu-pro-auto-attach"
        },
        {
            "binary_version": "37.2ubuntu0.1",
            "binary_name": "ubuntu-pro-client"
        },
        {
            "binary_version": "37.2ubuntu0.1",
            "binary_name": "ubuntu-pro-client-l10n"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
cves_map
{
    "cves": [
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-9494"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "high"
                }
            ],
            "id": "CVE-2026-11386"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-12391"
        }
    ],
    "ecosystem": "Ubuntu:26.04:LTS"
}