Описание
Security update for accountsservice
This update for accountsservice fixes the following issues:
This security issue was fixed:
- CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699)
Thsese non-security issues were fixed:
- Don't abort loading users when an /etc/shadow entry is missing. (bsc#1090003)
- When user session type is wayland, act_user_is_logged_in can return TRUE if the user is logged in. (bsc#1095918)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15
accountsservice-0.6.45-6.7.6
accountsservice-devel-0.6.45-6.7.6
accountsservice-lang-0.6.45-6.7.6
libaccountsservice0-0.6.45-6.7.6
typelib-1_0-AccountsService-1_0-0.6.45-6.7.6
Ссылки
- Link for SUSE-SU-2018:3625-1
- E-Mail link for SUSE-SU-2018:3625-1
- SUSE Security Ratings
- SUSE Bug 1090003
- SUSE Bug 1095918
- SUSE Bug 1099699
- SUSE CVE CVE-2018-14036 page
Описание
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:accountsservice-0.6.45-6.7.6
SUSE Linux Enterprise Module for Desktop Applications 15:accountsservice-devel-0.6.45-6.7.6
SUSE Linux Enterprise Module for Desktop Applications 15:accountsservice-lang-0.6.45-6.7.6
SUSE Linux Enterprise Module for Desktop Applications 15:libaccountsservice0-0.6.45-6.7.6
Ссылки
- CVE-2018-14036
- SUSE Bug 1099699
- SUSE Bug 1101332
- SUSE Bug 1112694