AccountsService could be made to expose sensitive information.

==========================================================================
Ubuntu Security Notice USN-6687-1
March 11, 2024

accountsservice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to expose sensitive information.

Software Description:
- accountsservice: query and manipulate user account information

Details:

It was discovered that AccountsService called a helper incorrectly when
performing password change operations. A local attacker could possibly use
this issue to obtain encrypted passwords.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  accountsservice 22.07.5-2ubuntu1.5
  libaccountsservice0 22.07.5-2ubuntu1.5

Ubuntu 20.04 LTS:
  accountsservice 0.6.55-0ubuntu12~20.04.7
  libaccountsservice0 0.6.55-0ubuntu12~20.04.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6687-1
  CVE-2012-6655

Package Information:
  https://launchpad.net/ubuntu/+source/accountsservice/22.07.5-2ubuntu1.5
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.7

A newly identified flaw in AccountsService could potentially reveal private data on Ubuntu machines. Prompt update advised.

Ubuntu AccountsService, Data Exposure, Security Update.

Severity: Critical.
LinuxSecurity.com Team

AccountsService could be made to crash or run programs if it received specially crafted messages.

==========================================================================
Ubuntu Security Notice USN-6190-2
September 25, 2023

accountsservice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

AccountsService could be made to crash or run programs if it received
specially crafted messages.

Software Description:
- accountsservice: query and manipulate user account information

Details:

USN-6190-1 fixed a vulnerability in AccountsService. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
18.04 LTS.

Original advisory details:

 Kevin Backhouse discovered that AccountsService incorrectly handled certain
 D-Bus messages. A local attacker could use this issue to cause
 AccountsService to crash, resulting in a denial of service, or possibly
 execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  accountsservice 0.6.45-1ubuntu1.3+esm1
  libaccountsservice0 0.6.45-1ubuntu1.3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  accountsservice 0.6.40-2ubuntu11.6+esm1
  libaccountsservice0 0.6.40-2ubuntu11.6+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  accountsservice 0.6.35-0ubuntu7.3+esm3
  libaccountsservice0 0.6.35-0ubuntu7.3+esm3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6190-2
  https://ubuntu.com/security/notices/USN-6190-1
  CVE-2023-3297

The vulnerability present in the AccountsService could enable local attackers to compromise services or run unrestricted code on Ubuntu machines.

AccountsService Exploit, Ubuntu Security, Denial of Service Risk, Software Update, Security Advisory.

Severity: Critical.
LinuxSecurity.com Team

AccountsService could be made to crash or run programs if it received specially crafted messages.

=========================================================================
Ubuntu Security Notice USN-6190-1
June 28, 2023

accountsservice vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to crash or run programs if it received
specially crafted messages.

Software Description:
- accountsservice: query and manipulate user account information

Details:

Kevin Backhouse discovered that AccountsService incorrectly handled certain
D-Bus messages. A local attacker could use this issue to cause
AccountsService to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  accountsservice 22.08.8-1ubuntu7.1
  libaccountsservice0 22.08.8-1ubuntu7.1

Ubuntu 22.10:
  accountsservice 22.08.8-1ubuntu1.1
  libaccountsservice0 22.08.8-1ubuntu1.1

Ubuntu 22.04 LTS:
  accountsservice 22.07.5-2ubuntu1.4
  libaccountsservice0 22.07.5-2ubuntu1.4

Ubuntu 20.04 LTS:
  accountsservice 0.6.55-0ubuntu12~20.04.6
  libaccountsservice0 0.6.55-0ubuntu12~20.04.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6190-1
  CVE-2023-3297

Package Information:
  https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu7.1
  https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/accountsservice/22.07.5-2ubuntu1.4
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.6

A flaw in the AccountsService on Ubuntu can lead to system crashes or the execution of arbitrary code by sending specially crafted messages.

AccountsService Exploit, Ubuntu Security Updates, DoS Threats.

LinuxSecurity.com Team

AccountsService could be made to crash or stop responding.

=========================================================================
Ubuntu Security Notice USN-5439-1
May 24, 2022

accountsservice vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

AccountsService could be made to crash or stop responding.

Software Description:
- accountsservice: query and manipulate user account information

Details:

Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped
privileges. A local user could possibly use this issue to cause
AccountsService to crash or stop responding, resulting in a denial of
service. (CVE-2022-1804)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  accountsservice 22.07.5-2ubuntu1.3
  libaccountsservice0 22.07.5-2ubuntu1.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  CVE-2022-1804

Package Information:
  https://launchpad.net/ubuntu/+source/accountsservice/22.07.5-2ubuntu1.3

The AccountsService on Ubuntu 22.04 LTS may suffer from a vulnerability related to permissions, potentially causing a denial of service. Ensure you update immediately!

AccountsService Update, Denial Of Service, Ubuntu Security.

Severity: Critical.
LinuxSecurity.com Team

AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command.

=========================================================================
Ubuntu Security Notice USN-5149-1
November 16, 2021

accountsservice vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to crash or run programs as an administrator
if it received a specially crafted command.

Software Description:
- accountsservice: query and manipulate user account information

Details:

Kevin Backhouse discovered that AccountsService incorrectly handled memory
when performing certain language setting operations. A local attacker could
use this issue to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  accountsservice 0.6.55-0ubuntu14.1
  libaccountsservice0 0.6.55-0ubuntu14.1

Ubuntu 21.04:
  accountsservice 0.6.55-0ubuntu13.3
  libaccountsservice0 0.6.55-0ubuntu13.3

Ubuntu 20.04 LTS:
  accountsservice 0.6.55-0ubuntu12~20.04.5
  libaccountsservice0 0.6.55-0ubuntu12~20.04.5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5149-1
  CVE-2021-3939

Package Information:
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu14.1
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu13.3
  https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.5

The identified AccountsService vulnerability poses a severe security risk in multiple Ubuntu versions, enabling unauthorized elevation of user privileges and system access.

accountsservice flaw, ubuntu security advisory, local privilege escalation.

Severity: Critical.
LinuxSecurity.com Team

An update that solves one vulnerability and has one errata is now available.

   SUSE Security Update: Security update for accountsservice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2778-1
Rating:             moderate
References:         #1099699 #1139487
Cross-References:   CVE-2018-14036
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update for accountsservice fixes the following issues:

   Security issue fixed:

   - CVE-2018-14036: Prevent directory traversal caused by an insufficient
     path check in user_change_icon_file_authorized_cb() (bsc#1099699).

   Non-security issue fixed:

   - Improved wtmp io performance (bsc#1139487).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2778=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2778=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2778=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2778=1

   - SUSE Linux Enterprise Desktop 12-SP5:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2778=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2778=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      accountsservice-debuginfo-0.6.42-16.8.3
      accountsservice-debugsource-0.6.42-16.8.3
      accountsservice-devel-0.6.42-16.8.3

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      accountsservice-debuginfo-0.6.42-16.8.3
      accountsservice-debugsource-0.6.42-16.8.3
      accountsservice-devel-0.6.42-16.8.3

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      accountsservice-0.6.42-16.8.3
      accountsservice-debuginfo-0.6.42-16.8.3
      accountsservice-debugsource-0.6.42-16.8.3
      libaccountsservice0-0.6.42-16.8.3
      libaccountsservice0-debuginfo-0.6.42-16.8.3
      typelib-1_0-AccountsService-1_0-0.6.42-16.8.3

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      accountsservice-lang-0.6.42-16.8.3

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      accountsservice-0.6.42-16.8.3
      accountsservice-debuginfo-0.6.42-16.8.3
      accountsservice-debugsource-0.6.42-16.8.3
      libaccountsservice0-0.6.42-16.8.3
      libaccountsservice0-debuginfo-0.6.42-16.8.3
      typelib-1_0-AccountsService-1_0-0.6.42-16.8.3

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      accountsservice-lang-0.6.42-16.8.3

   - SUSE Linux Enterprise Desktop 12-SP5 (noarch):

      accountsservice-lang-0.6.42-16.8.3

   - SUSE Linux Enterprise Desktop 12-SP5 (x86_64):

      accountsservice-0.6.42-16.8.3
      accountsservice-debuginfo-0.6.42-16.8.3
      accountsservice-debugsource-0.6.42-16.8.3
      libaccountsservice0-0.6.42-16.8.3
      libaccountsservice0-debuginfo-0.6.42-16.8.3
      typelib-1_0-AccountsService-1_0-0.6.42-16.8.3

   - SUSE Linux Enterprise Desktop 12-SP4 (noarch):

      accountsservice-lang-0.6.42-16.8.3

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      accountsservice-0.6.42-16.8.3
      accountsservice-debuginfo-0.6.42-16.8.3
      accountsservice-debugsource-0.6.42-16.8.3
      libaccountsservice0-0.6.42-16.8.3
      libaccountsservice0-debuginfo-0.6.42-16.8.3
      typelib-1_0-AccountsService-1_0-0.6.42-16.8.3

References:

   https://www.suse.com/security/cve/CVE-2018-14036.html
   https://bugzilla.suse.com/1099699
   https://bugzilla.suse.com/1139487

An update that contains security fixes can now be installed.

   openSUSE Security Update: Security update for accountsservice
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3710-1
Rating:             moderate
References:
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for accountsservice fixes the following issues:

   This security issue was fixed:

   - CVE-2018-14036: Prevent directory traversal caused by an insufficient
     path check in user_change_icon_file_authorized_cb() (bsc#1099699)

   These non-security issues were fixed:

   - Don't abort loading users when an /etc/shadow entry is missing.
     (bsc#1090003)
   - When user session type is wayland, act_user_is_logged_in can return TRUE
     if the user is logged in. (bsc#1095918)

   This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2018-1380=1

Package List:

   - openSUSE Leap 15.0 (i586 x86_64):

      accountsservice-0.6.45-lp150.3.3.1
      accountsservice-debuginfo-0.6.45-lp150.3.3.1
      accountsservice-debugsource-0.6.45-lp150.3.3.1
      accountsservice-devel-0.6.45-lp150.3.3.1
      libaccountsservice0-0.6.45-lp150.3.3.1
      libaccountsservice0-debuginfo-0.6.45-lp150.3.3.1
      typelib-1_0-AccountsService-1_0-0.6.45-lp150.3.3.1

   - openSUSE Leap 15.0 (noarch):

      accountsservice-lang-0.6.45-lp150.3.3.1

References:

openSUSE Security Patch fixes vulnerabilities in user profile management, improving overall system integrity.

openSUSE Security Update, AccountsService Fix, Moderate Security Update.

LinuxSecurity.com Team

An update that solves one vulnerability and has two fixes is now available.

   SUSE Security Update: Security update for accountsservice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3625-1
Rating:             moderate
References:         #1090003 #1095918 #1099699
Cross-References:   CVE-2018-14036
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available.

Description:

   This update for accountsservice fixes the following issues:

   This security issue was fixed:

   - CVE-2018-14036: Prevent directory traversal caused by an insufficient
     path check in user_change_icon_file_authorized_cb() (bsc#1099699)

   These non-security issues were fixed:

   - Don't abort loading users when an /etc/shadow entry is missing.
     (bsc#1090003)
   - When user session type is wayland, act_user_is_logged_in can return TRUE
     if the user is logged in. (bsc#1095918)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2579=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

      accountsservice-0.6.45-6.7.6
      accountsservice-debuginfo-0.6.45-6.7.6
      accountsservice-debugsource-0.6.45-6.7.6
      accountsservice-devel-0.6.45-6.7.6
      libaccountsservice0-0.6.45-6.7.6
      libaccountsservice0-debuginfo-0.6.45-6.7.6
      typelib-1_0-AccountsService-1_0-0.6.45-6.7.6

   - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch):

      accountsservice-lang-0.6.45-6.7.6

References:

   https://www.suse.com/security/cve/CVE-2018-14036.html
   https://bugzilla.suse.com/1090003
   https://bugzilla.suse.com/1095918
   https://bugzilla.suse.com/1099699