UbuntuUpdates.org

Package "accountsservice"

Name: accountsservice

Description:

query and manipulate user account information
Latest version: 0.6.55-0ubuntu12~20.04.7
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/AccountsService/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "accountsservice"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "accountsservice" in Focal

Repository Area Version
base main 0.6.55-0ubuntu11
security main 0.6.55-0ubuntu12~20.04.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.6.55-0ubuntu12~20.04.7 2024-03-11 17:06:54 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.7) focal-security; urgency=medium

  * SECURITY UPDATE: possible encrypted password disclosure
    - debian/patches/CVE-2012-6655.patch: replace usermod -p with
      chpasswd -e in src/user.c, src/util.c, src/util.h.
    - CVE-2012-6655

 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2024 12:25:40 -0500
Source diff to previous version
CVE-2012-6655 An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted p

Version: 0.6.55-0ubuntu12~20.04.6 2023-06-28 15:07:21 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in user.c (LP: #2024182)
    - debian/patches/0010-set-language.patch: updated to properly return
      from functions after throw_error() has been called.
    - CVE-2023-3297

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 07:26:26 -0400
Source diff to previous version
2024182 GHSL-2023-139: use-after-free in user.c

Version: 0.6.55-0ubuntu12~20.04.5 2021-11-16 20:07:15 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: double-free in the SetLanguage D-Bus method
    (LP: #1950149)
    - debian/patches/0010-set-language.patch: updated to remove g_autofree
      on result of user_get_fallback_value().
    - CVE-2021-3939
  * debian/patches/0010-set-language.patch: updated to fix minor memory
    leaks by adding g_autofree to results of user_update_environment().

 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 07:23:14 -0500
Source diff to previous version
CVE-2021-3939 RESERVED

Version: 0.6.55-0ubuntu12~20.04.4 2020-11-03 18:07:01 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
    (LP: #1900255)
    - debian/patches/0010-set-language.patch: updated to not drop real uid
      and real gid in user_drop_privileges_to_user.
    - debian/patches/0009-language-tools.patch: updated to not reset
      effective uid.
    - CVE-2020-16126
  * SECURITY UPDATE: accountsservice .pam_environment infinite loop
    (LP: #1900255)
    - debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
      and limit the number of lines read from file.
    - CVE-2020-16127

 -- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:03:54 -0500
Source diff to previous version
CVE-2020-16126 RESERVED
CVE-2020-16127 RESERVED

Version: 0.6.55-0ubuntu12~20.04.2 2020-10-26 11:06:19 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.2) focal; urgency=medium

  * debian/patches/0010-set-language.patch:
    - Don't dismiss C.UTF-8 as an invalid locale name (LP: #1873678)

 -- Gunnar Hjalmarsson <email address hidden> Sat, 10 Oct 2020 21:31:00 +0200
1873678 gnome-language-selector crashed with dbus.exceptions.DBusException in call_blocking(): org.freedesktop.Accounts.Error.Failed: 'C.UTF-8' is not a vali


About   -   Send Feedback to @ubuntu_updates