UbuntuUpdates.org

Package "accountsservice"

Name: accountsservice

Description:

query and manipulate user account information

Latest version: 0.6.40-2ubuntu11.6
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.freedesktop.org/wiki/Software/AccountsService/

Links


Download "accountsservice"


Other versions of "accountsservice" in Xenial

Repository Area Version
base main 0.6.40-2ubuntu10
updates main 0.6.40-2ubuntu11.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.6.40-2ubuntu11.6 2020-11-03 17:06:51 UTC

  accountsservice (0.6.40-2ubuntu11.6) xenial-security; urgency=medium

  * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
    (LP: #1900255)
    - debian/patches/0010-set-language.patch: updated to not drop real uid
      and real gid in user_drop_privileges_to_user.
    - debian/patches/0009-language-tools.patch: updated to not reset
      effective uid.
    - CVE-2020-16126
  * SECURITY UPDATE: directory traversal issue
    - debian/patches/CVE-2018-14036.patch: fix insufficient path prefix
      check in src/user.c.
    - CVE-2018-14036

 -- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:10:06 -0500

CVE-2020-16126 RESERVED
CVE-2018-14036 Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authori



About   -   Send Feedback to @ubuntu_updates