Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-4406

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

Related bugs and status

CVE-2011-4406 (Candidate) is related to these bugs:

Bug #952909: Some users invisible/unusable

		In	Importance	Status
952909	Some users invisible/unusable	accountsservice (Ubuntu)	High	Fix Released
952909	Some users invisible/unusable	accountsservice (Ubuntu Precise)	High	Fix Released
952909	Some users invisible/unusable	accountsservice (Debian)	Unknown	Fix Released
952909	Some users invisible/unusable	accountsservice	Unknown	Unknown

Bug #1003764: Update to 0.6.21

Summary				In	Importance	Status
	1003764	Update to 0.6.21		accountsservice (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bazaar.launchpa...
CONFIRM: http://people.canonica...
UBUNTU: USN-1351-1