Advisory ROSA-SA-2021-1804

Software: accountservice 0.6.50
OS: Cobalt 7.9

CVE-ID: CVE-2020-16126
CVE-Crit: LOW
CVE-DESC: Ubuntu-specific modification of AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, incorrectly removed ruid, allowing untrusted users to send signals to AccountsService, thus preventing them from processing D-Bus messages.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-16127
CVE-Crit: MEDIUM
CVE-DESC: Ubuntu-specific modification to AccountsService in versions prior to 0.6.55-0ubuntu13.2, among other earlier versions, will perform unrestricted read operations on user-managed ~ / .pam_environment files, allowing an infinite loop to be created if / dev / null is bound to that location.
CVE-STATUS: default
CVE-REV: default