Not a user yet?
Log in Register for free Suggest a product
Update

USN-8173-1: polkit vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-8173-1: polkit vulnerabilities

Publication date: 14 April 2026
Overview: Several security issues were fixed in polkit.

Packages
policykit-1 - framework for managing administrative policies and privileges

Details
It was discovered that polkit incorrectly handled nested elements in XML
policy files. If an administrator were tricked into installing a malicious
policy file, a remote attacker could possibly use this issue to cause
polkit to crash, resulting in a denial of service. (CVE-2025-7519)

Pavel Kohout discovered that the polkit polkit-agent-helper-1 utility
incorrectly handled long input. A local attacker could possibly use this
issue to cause polkit to crash, resulting in a denial of service.
(CVE-2026-4897)

Update instructions
The problem can be corrected by updating your system to the following package versions:

  • 25.10 questing polkitd – 126-2ubuntu0.1
  • 24.04 LTS noble policykit-1 – 124-2ubuntu1.24.04.3
  • 22.04 LTS jammy policykit-1 – 0.105-33ubuntu0.1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad