UbuntuUpdates.org

Package "libaccountsservice-dev"

Name: libaccountsservice-dev

Description:

query and manipulate user account information - header files

Latest version: 0.6.55-0ubuntu12~20.04.7
Release: focal (20.04)
Level: security
Repository: main
Head package: accountsservice
Homepage: https://www.freedesktop.org/wiki/Software/AccountsService/

Links


Download "libaccountsservice-dev"


Other versions of "libaccountsservice-dev" in Focal

Repository Area Version
base main 0.6.55-0ubuntu11
updates main 0.6.55-0ubuntu12~20.04.7

Changelog

Version: 0.6.55-0ubuntu12~20.04.7 2024-03-11 15:06:48 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.7) focal-security; urgency=medium

  * SECURITY UPDATE: possible encrypted password disclosure
    - debian/patches/CVE-2012-6655.patch: replace usermod -p with
      chpasswd -e in src/user.c, src/util.c, src/util.h.
    - CVE-2012-6655

 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2024 12:25:40 -0500

Source diff to previous version
CVE-2012-6655 An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted p

Version: 0.6.55-0ubuntu12~20.04.6 2023-06-28 15:07:18 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in user.c (LP: #2024182)
    - debian/patches/0010-set-language.patch: updated to properly return
      from functions after throw_error() has been called.
    - CVE-2023-3297

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 07:26:26 -0400

Source diff to previous version
2024182 GHSL-2023-139: use-after-free in user.c

Version: 0.6.55-0ubuntu12~20.04.5 2021-11-16 19:06:20 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: double-free in the SetLanguage D-Bus method
    (LP: #1950149)
    - debian/patches/0010-set-language.patch: updated to remove g_autofree
      on result of user_get_fallback_value().
    - CVE-2021-3939
  * debian/patches/0010-set-language.patch: updated to fix minor memory
    leaks by adding g_autofree to results of user_update_environment().

 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 07:23:14 -0500

Source diff to previous version
CVE-2021-3939 RESERVED

Version: 0.6.55-0ubuntu12~20.04.4 2020-11-03 17:06:55 UTC

  accountsservice (0.6.55-0ubuntu12~20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
    (LP: #1900255)
    - debian/patches/0010-set-language.patch: updated to not drop real uid
      and real gid in user_drop_privileges_to_user.
    - debian/patches/0009-language-tools.patch: updated to not reset
      effective uid.
    - CVE-2020-16126
  * SECURITY UPDATE: accountsservice .pam_environment infinite loop
    (LP: #1900255)
    - debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
      and limit the number of lines read from file.
    - CVE-2020-16127

 -- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:03:54 -0500

CVE-2020-16126 RESERVED
CVE-2020-16127 RESERVED



About   -   Send Feedback to @ubuntu_updates