UbuntuUpdates.org

Package "libaccountsservice0"

Name: libaccountsservice0

Description:

query and manipulate user account information - shared libraries

Latest version: 0.6.45-1ubuntu1.3
Release: bionic (18.04)
Level: updates
Repository: main
Head package: accountsservice
Homepage: https://www.freedesktop.org/wiki/Software/AccountsService/

Links


Download "libaccountsservice0"


Other versions of "libaccountsservice0" in Bionic

Repository Area Version
base main 0.6.45-1ubuntu1
security main 0.6.45-1ubuntu1.3

Changelog

Version: 0.6.45-1ubuntu1.3 2020-11-03 17:06:54 UTC

  accountsservice (0.6.45-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
    (LP: #1900255)
    - debian/patches/0010-set-language.patch: updated to not drop real uid
      and real gid in user_drop_privileges_to_user.
    - debian/patches/0009-language-tools.patch: updated to not reset
      effective uid.
    - CVE-2020-16126
  * SECURITY UPDATE: directory traversal issue
    - debian/patches/CVE-2018-14036.patch: fix insufficient path prefix
      check in src/user.c.
    - CVE-2018-14036

 -- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:05:51 -0500

CVE-2020-16126 RESERVED
CVE-2018-14036 Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authori



About   -   Send Feedback to @ubuntu_updates