Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Ubuntu 21.10, 21.04, 20.04 LTS USN-5149-1: Critical AccountsService Flaw

Calendar Nov 16, 2021 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical ubuntu administrative access accountsservice
AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command. 
=========================================================================Ubuntu Security Notice USN-5149-1
November 16, 2021

accountsservice vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to crash or run programs as an administrator
if it received a specially crafted command.

Software Description:
- accountsservice: query and manipulate user account information

Details:

Kevin Backhouse discovered that AccountsService incorrectly handled memory
when performing certain language setting operations. A local attacker could
use this issue to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  accountsservice                 0.6.55-0ubuntu14.1
  libaccountsservice0             0.6.55-0ubuntu14.1

Ubuntu 21.04:
  accountsservice                 0.6.55-0ubuntu13.3
  libaccountsservice0             0.6.55-0ubuntu13.3

Ubuntu 20.04 LTS:
  accountsservice                 0.6.55-0ubuntu12~20.04.5
  libaccountsservice0             0.6.55-0ubuntu12~20.04.5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5149-1
  CVE-2021-3939

Package Information:
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu14.1
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu13.3
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.5

Ubuntu 21.10, 21.04, 20.04 LTS USN-5149-1: Critical AccountsService Flaw

ubuntu
Calendar Grey November 16, 2021
Dist Ubuntu Esm H88
The identified AccountsService vulnerability poses a severe security risk in multiple Ubuntu versions, enabling unauthorized elevation of user privileges and system access.
AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command.

Summary

Topics%20covered

Topics Covered

security advisory critical ubuntu administrative access accountsservice

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: accountsservice 0.6.55-0ubuntu14.1 libaccountsservice0 0.6.55-0ubuntu14.1 Ubuntu 21.04: accountsservice 0.6.55-0ubuntu13.3 libaccountsservice0 0.6.55-0ubuntu13.3 Ubuntu 20.04 LTS: accountsservice 0.6.55-0ubuntu12~20.04.5 libaccountsservice0 0.6.55-0ubuntu12~20.04.5 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5149-1

CVE-2021-3939

Severity
critical
Lowest
Low
Medium
High
Critical

November 16, 2021

Topics%20covered

Topics Covered

security advisory critical ubuntu administrative access accountsservice

Package Information

https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu14.1 https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu13.3 https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here