UbuntuUpdates.org

Package "accountsservice"

Name: accountsservice

Description:

query and manipulate user account information

Latest version: 22.07.5-2ubuntu1.5
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/AccountsService/

Other versions of "accountsservice" in Jammy

Repository  Area  Version
base        main  22.07.5-2ubuntu1
updates     main  22.07.5-2ubuntu1.5

Changelog

Version: 22.07.5-2ubuntu1.5 2024-03-11 16:06:53 UTC

  accountsservice (22.07.5-2ubuntu1.5) jammy-security; urgency=medium

  * SECURITY UPDATE: possible encrypted password disclosure
    - debian/patches/CVE-2012-6655.patch: replace usermod -p with
      chpasswd -e in src/user.c, src/util.c, src/util.h.
    - CVE-2012-6655

 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2024 11:55:23 -0500

CVE-2012-6655 An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let local users obtain encrypted p

Version: 22.07.5-2ubuntu1.4 2023-06-28 15:07:25 UTC

  accountsservice (22.07.5-2ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free in user.c (LP: #2024182)
    - debian/patches/0010-set-language.patch: updated to properly return
      from functions after throw_error() has been called.
    - CVE-2023-3297

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 07:25:34 -0400

2024182 GHSL-2023-139: use-after-free in user.c

Version: 22.07.5-2ubuntu1.3 2022-05-24 15:06:32 UTC

  accountsservice (22.07.5-2ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: accountsservice incorrect privilege dropping
    (LP: #1974250)
    - debian/patches/0009-language-tools.patch: updated to not reset
      effective uid, and migrate root-owned .pam_environment file.
    - This change was originally known as CVE-2020-16126 and got reverted
      by mistake in 0.6.55-3ubuntu1.
    - CVE-2022-1804
  * Fix FTBFS with a newer python-dbusmock package:
    - debian/patches/adduser_invocation.patch: fix invocation of AddUser in
      tests/dbusmock/accounts_service.py.
    - debian/patches/setlocked_signature.patch: fix the signature for the
      SetLocked call in tests/dbusmock/accounts_service.py.

 -- Marc Deslauriers <email address hidden> Thu, 19 May 2022 20:02:04 -0400

1974250 ~/.pam_environment gets created as owned by root
CVE-2020-16126 RESERVED
CVE-2022-1804 RESERVED


