Description
Security update for accountsservice
This update for accountsservice fixes the following issues:
Security issue fixed:
- CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699).
Non-security issue fixed:
- Improved wtmp io performance (bsc#1139487).
Package list
SUSE Linux Enterprise Desktop 12 SP4
accountsservice-0.6.42-16.8.3
accountsservice-lang-0.6.42-16.8.3
libaccountsservice0-0.6.42-16.8.3
typelib-1_0-AccountsService-1_0-0.6.42-16.8.3
SUSE Linux Enterprise Server 12 SP4
accountsservice-0.6.42-16.8.3
accountsservice-lang-0.6.42-16.8.3
libaccountsservice0-0.6.42-16.8.3
typelib-1_0-AccountsService-1_0-0.6.42-16.8.3
SUSE Linux Enterprise Server 12 SP5
accountsservice-0.6.42-16.8.3
accountsservice-lang-0.6.42-16.8.3
libaccountsservice0-0.6.42-16.8.3
typelib-1_0-AccountsService-1_0-0.6.42-16.8.3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
accountsservice-0.6.42-16.8.3
accountsservice-lang-0.6.42-16.8.3
libaccountsservice0-0.6.42-16.8.3
typelib-1_0-AccountsService-1_0-0.6.42-16.8.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
accountsservice-0.6.42-16.8.3
accountsservice-lang-0.6.42-16.8.3
libaccountsservice0-0.6.42-16.8.3
typelib-1_0-AccountsService-1_0-0.6.42-16.8.3
SUSE Linux Enterprise Software Development Kit 12 SP4
accountsservice-devel-0.6.42-16.8.3
SUSE Linux Enterprise Software Development Kit 12 SP5
accountsservice-devel-0.6.42-16.8.3
References
- Link for SUSE-SU-2019:2778-1
- E-Mail link for SUSE-SU-2019:2778-1
- SUSE Security Ratings
- SUSE Bug 1099699
- SUSE Bug 1139487
- SUSE CVE CVE-2018-14036 page
Description
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Affected products
SUSE Linux Enterprise Desktop 12 SP4:accountsservice-0.6.42-16.8.3
SUSE Linux Enterprise Desktop 12 SP4:accountsservice-lang-0.6.42-16.8.3
SUSE Linux Enterprise Desktop 12 SP4:libaccountsservice0-0.6.42-16.8.3
SUSE Linux Enterprise Desktop 12 SP4:typelib-1_0-AccountsService-1_0-0.6.42-16.8.3
References
- CVE-2018-14036
- SUSE Bug 1099699
- SUSE Bug 1101332
- SUSE Bug 1112694