Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 6190-2 Critical Advisory: AccountsService DoS Risk and Mitigation

ubuntu
Calendar Grey September 25, 2023
Dist Ubuntu Esm H88
The vulnerability present in the AccountsService could enable local attackers to compromise services or run unrestricted code on Ubuntu machines.
AccountsService could be made to crash or run programs if it received specially crafted messages.

Summary

AccountsService could be made to crash or run programs if it received

specially crafted messages.

Software Description:

- accountsservice: query and manipulate user account information

Details:

USN-6190-1 fixed a vulnerability in AccountsService. This update provides

the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and

Ubuntu 18.04 LTS.

Original advisory details:

Kevin Backhouse discovered that AccountsService incorrectly handled certain

D-Bus messages. A local attacker could use this issue to cause

AccountsService to crash, resulting in a denial of service, or possibly

execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
accountsservice 0.6.45-1ubuntu1.3+esm1
libaccountsservice0 0.6.45-1ubuntu1.3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
accountsservice 0.6.40-2ubuntu11.6+esm1
libaccountsservice0 0.6.40-2ubuntu11.6+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
accountsservice 0.6.35-0ubuntu7.3+esm3
libaccountsservice0 0.6.35-0ubuntu7.3+esm3

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6190-2

https://ubuntu.com/security/notices/USN-6190-1

CVE-2023-3297

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6190-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.