Monday, March 11, 2024

[USN-6687-1] AccountsService vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmXvENgACgkQZWnYVadE
vpOp7Q//VZ9xdnUAz3LTG8nim1ZJZ1moKnFwKbG5ps3c4z0KqVjHtCARjDkzekUq
B+v5qpIUOoXdWnjC07GGoJcK1qF9GaryYjJu42tN7iY2phjJHJXHXSHkAvzu6UIF
VlogBB8hZH/YzQ++1vKAN8Euxhdt/Zs7AgbKtjlz0fkVIFVHoJqtoXbAG73sc/xd
E9ox0lWkAFPtwWhbYbyZt4g9tWSQzg5nrTUR2FhL2K4JLWB4jgQovS2YLxJCu0Ew
sWscd1Crv+Jqa9STHqhoxJXE8tudCI9kbq/bBA6EBG5Agf97fEX9811eULQxYM1H
VtwCv4hH//NnMJx1d7m9f+bn8KN4hKneoUtpw60+Ap9bDtWaA9tyndXl5HzcR7S2
emlbVa2rBg/vvUnGwmwcUuUkTtKny7jJvHdUMkMVaXe2FWPQAcLYrYpdG4WKi3GR
TPH8RIW2ZpOrjG0RCpwP/0f1bRg0rF1hYwTnGtOK1kTgNmRRFI9HBbiN+n7+smB5
3E3ZREDR/5TgTmCFKAchY/fP39Bw9sFpQPdeHjRdjlkTPEtfA1LZ1g28bo9xo/g+
RQSq7V5ccAC7vnPqzO2Ru9kMbGEGR1mGo3ZKoADE8b6Oh+escae+HNvRFLv8cvPm
Bg+jZazQC2mPrqwmhFKkA047bb1jUpusbsuC+8pfskLmmacJT9Y=
=aKDa
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6687-1
March 11, 2024

accountsservice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to expose sensitive information.

Software Description:
- accountsservice: query and manipulate user account information

Details:

It was discovered that AccountsService called a helper incorrectly when
performaing password change operations. A local attacker could possibly use
this issue to obtain encrypted passwords.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
accountsservice 22.07.5-2ubuntu1.5
libaccountsservice0 22.07.5-2ubuntu1.5

Ubuntu 20.04 LTS:
accountsservice 0.6.55-0ubuntu12~20.04.7
libaccountsservice0 0.6.55-0ubuntu12~20.04.7

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6687-1
CVE-2012-6655

Package Information:
https://launchpad.net/ubuntu/+source/accountsservice/22.07.5-2ubuntu1.5
https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.7

No comments:

Post a Comment