SUSE-SU-2018:3625-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20183625-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3625-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:3625-1
Related
Published
2018-11-05T16:56:21Z
Modified
2018-11-05T16:56:21Z
Summary
Security update for accountsservice
Details

This update for accountsservice fixes the following issues:

This security issue was fixed:

  • CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in userchangeiconfileauthorized_cb() (bsc#1099699)

Thsese non-security issues were fixed:

  • Don't abort loading users when an /etc/shadow entry is missing. (bsc#1090003)
  • When user session type is wayland, actuserisloggedin can return TRUE if the user is logged in. (bsc#1095918)
References

Affected packages

SUSE:Linux Enterprise Module for Desktop Applications 15 / accountsservice

Package

Name
accountsservice
Purl
purl:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.45-6.7.6

Ecosystem specific

{
    "binaries": [
        {
            "accountsservice-lang": "0.6.45-6.7.6",
            "libaccountsservice0": "0.6.45-6.7.6",
            "typelib-1_0-AccountsService-1_0": "0.6.45-6.7.6",
            "accountsservice": "0.6.45-6.7.6",
            "accountsservice-devel": "0.6.45-6.7.6"
        }
    ]
}