openSUSE-SU-2018:3710-1

Опубликовано: 09 нояб. 2018

Источник: suse-cvrf

Описание

Security update for accountsservice

This update for accountsservice fixes the following issues:

This security issue was fixed:

CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699)

Thsese non-security issues were fixed:

Don't abort loading users when an /etc/shadow entry is missing. (bsc#1090003)
When user session type is wayland, act_user_is_logged_in can return TRUE if the user is logged in. (bsc#1095918)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

accountsservice-0.6.45-lp150.3.3.1

accountsservice-devel-0.6.45-lp150.3.3.1

accountsservice-lang-0.6.45-lp150.3.3.1

libaccountsservice0-0.6.45-lp150.3.3.1

typelib-1_0-AccountsService-1_0-0.6.45-lp150.3.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00014.html
E-Mail link for openSUSE-SU-2018:3710-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Затронутые продукты

openSUSE Leap 15.0:accountsservice-0.6.45-lp150.3.3.1

openSUSE Leap 15.0:accountsservice-devel-0.6.45-lp150.3.3.1

openSUSE Leap 15.0:accountsservice-lang-0.6.45-lp150.3.3.1

openSUSE Leap 15.0:libaccountsservice0-0.6.45-lp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14036.html
CVE-2018-14036
https://bugzilla.suse.com/1099699
SUSE Bug 1099699
https://bugzilla.suse.com/1101332
SUSE Bug 1101332
https://bugzilla.suse.com/1112694
SUSE Bug 1112694

openSUSE-SU-2018:3710-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-14036

Описание

Затронутые продукты

Ссылки