* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to not drop real uid
and real gid in user_drop_privileges_to_user.
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid.
- CVE-2020-16126
* SECURITY UPDATE: accountsservice .pam_environment infinite loop
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
and limit the number of lines read from file.
- CVE-2020-16127
-- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:02:46 -0500
This bug was fixed in the package accountsservice - 0.6.55-0ubuntu13.2
--------------- 0ubuntu13. 2) groovy-security; urgency=medium
accountsservice (0.6.55-
* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS patches/ 0010-set- language. patch: updated to not drop real uid privileges_ to_user. patches/ 0009-language- tools.patch: updated to not reset patches/ 0010-set- language. patch: updated to use O_NOFOLLOW
(LP: #1900255)
- debian/
and real gid in user_drop_
- debian/
effective uid.
- CVE-2020-16126
* SECURITY UPDATE: accountsservice .pam_environment infinite loop
(LP: #1900255)
- debian/
and limit the number of lines read from file.
- CVE-2020-16127
-- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:02:46 -0500