*** This bug is a security vulnerability *** Public security bug reported:
Test Case ========= Install Ubuntu Desktop 25.10 Log in. Install all updates. Restart. Log in. Run update-manager -d. Follow the prompts to upgrade to Ubuntu 26.04 LTS. What Happens ============ All seeded snaps are set to track "stable/ubuntu-26.04 LTS". That is an invalid target. (excerpt) $ snap info firefox name: firefox summary: Mozilla Firefox web browser description: | Firefox is a powerful, extensible web browser with support for modern web application technologies. tracking: latest/stable/ubuntu-26.04 LTS I only noticed this issue because I wondered why I still had Firefox 144 on an Ubuntu 26.04 LTS devel instance, even though Firefox 146 is scheduled for release tomorrow. Nothing in the system warns about this unless you happen to run a command like this manually: $ snap refresh firefox error: requested a non-existing branch on latest/stable for snap "firefox": ubuntu-26.04 LTS I am setting the severity to Critical because this prevents nearly everyone using Firefox from receiving security updates. (Mitigated because relatively few people are running Ubuntu 26.04 LTS now, but it is being used by developers and very early adopters.) I did not check if upgrades to Ubuntu 24.04 LTS are affected, but I hope we would have seen bug reports if that were true. Workaround ========== I requested a simple command to fix this in LP: #2134444 Otherwise, it's tedious to update all your affected seeded snaps manually. You can find a list at https://cdimage.ubuntu.com/daily-live/current/resolute-desktop-amd64.manifest If you're using a different flavor of Ubuntu, use the appropriate manifest instead: https://cdimage.ubuntu.com/edubuntu/daily-live/current/resolute-desktop-amd64.manifest sudo snap refresh --amend --channel=1/stable/ubuntu-26.04 desktop-security-center sudo snap refresh --channel=stable/ubuntu-26.04 firefox Do that for all the seeded snaps to match what you see at the bottom of the manifest file. Thunderbird isn't installed if you didn't choose the full install option for Ubuntu Desktop. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: ubuntu-release-upgrader-core 1:26.04.2 ProcVersionSignature: Ubuntu 6.17.0-7.7-generic 6.17.2 Uname: Linux 6.17.0-7-generic x86_64 ApportVersion: 2.33.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CrashDB: ubuntu CrashReports: 644:0:110:0:2025-12-08 18:02:11.640000000 -0500:2025-12-08 22:49:37.929000000 -0500:/var/crash/kdump_lock CurrentDesktop: ubuntu:GNOME Date: Mon Dec 8 23:02:49 2025 InstallationDate: Installed on 2025-10-24 (45 days ago) InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Beta amd64 (20250917.2) PackageArchitecture: all ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: ubuntu-release-upgrader Symptom: ubuntu-release-upgrader UpgradeStatus: Upgraded to resolute on 2025-12-09 (0 days ago) VarLogDistupgradeTermlog: ** Affects: ubuntu-release-upgrader (Ubuntu) Importance: Critical Status: New ** Tags: amd64 apport-bug dist-upgrade resolute wayland-session ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2134446 Title: Upgrade to Ubuntu 26.04 LTS set invalid channel for seeded snaps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/2134446/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
