SUSE-SU-2018:3625-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2018/suse-su-20183625-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3625-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2018:3625-1

Related

CVE-2018-14036

Published

2018-11-05T16:56:21Z

Modified

2018-11-05T16:56:21Z

Summary

Security update for accountsservice

Details

This update for accountsservice fixes the following issues:

This security issue was fixed:

CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in userchangeiconfileauthorized_cb() (bsc#1099699)

Thsese non-security issues were fixed:

Don't abort loading users when an /etc/shadow entry is missing. (bsc#1090003)
When user session type is wayland, actuserisloggedin can return TRUE if the user is logged in. (bsc#1095918)

References

Affected packages

SUSE:Linux Enterprise Module for Desktop Applications 15 / accountsservice

Package

Name: accountsservice
Purl: purl:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.45-6.7.6

Ecosystem specific

{
    "binaries": [
        {
            "accountsservice-lang": "0.6.45-6.7.6",
            "libaccountsservice0": "0.6.45-6.7.6",
            "typelib-1_0-AccountsService-1_0": "0.6.45-6.7.6",
            "accountsservice": "0.6.45-6.7.6",
            "accountsservice-devel": "0.6.45-6.7.6"
        }
    ]
}