Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu: 4616-1 Critical: AccountsService Denial of Service Issues

ubuntu
Calendar Grey November 3, 2020
Dist Ubuntu Esm H88
A number of security flaws in AccountsService have been addressed through an update for Ubuntu systems. Discover further details regarding this advisory.
Several security issues were fixed in AccountsService.

Summary

Several security issues were fixed in AccountsService.

Software Description:

- accountsservice: query and manipulate user account information

Details:

Kevin Backhouse discovered that AccountsService incorrectly dropped

privileges. A local user could possibly use this issue to cause

AccountsService to crash or hang, resulting in a denial of service.

(CVE-2020-16126)

Kevin Backhouse discovered that AccountsService incorrectly handled reading

.pam_environment files. A local user could possibly use this issue to cause

AccountsService to crash or hang, resulting in a denial of service. This

issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127)

Matthias Gerstner discovered that AccountsService incorrectly handled

certain path checks. A local attacker could possibly use this issue to

read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu

18.04 LTS. (CVE-2018-14036)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  accountsservice                 0.6.55-0ubuntu13.2
  libaccountsservice0             0.6.55-0ubuntu13.2

Ubuntu 20.04 LTS:
  accountsservice                 0.6.55-0ubuntu12~20.04.4
  libaccountsservice0             0.6.55-0ubuntu12~20.04.4

Ubuntu 18.04 LTS:
  accountsservice                 0.6.45-1ubuntu1.3
  libaccountsservice0             0.6.45-1ubuntu1.3

Ubuntu 16.04 LTS:
  accountsservice                 0.6.40-2ubuntu11.6
  libaccountsservice0             0.6.40-2ubuntu11.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4616-1

CVE-2018-14036, CVE-2020-16126, CVE-2020-16127

Severity
critical
Lowest
Low
Medium
High
Critical

November 03, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here