USN-4616-1: AccountsService vulnerabilities

🗓️ 03 Nov 2020 15:16:30Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 93 Views

AccountsService vulnerabilities in Ubuntu 16.04, 18.04, and 20.0

Reporter	Title	Published	Views	Family All 69
FreeBSD	AccountsService -- Insufficient path check in user_change_icon_file_authorized_cb()	13 Jul 201800:00	–	freebsd
Cent OS	PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update	15 Nov 201818:43	–	centos
Circl	CVE-2020-16126	11 Nov 202007:28	–	circl
Circl	CVE-2020-16127	11 Nov 202007:28	–	circl
CNVD	AccountsService Path Traversal Vulnerability	17 Jul 201800:00	–	cnvd
CVE	CVE-2018-14036	13 Jul 201812:00	–	cve
CVE	CVE-2020-16126	11 Nov 202004:10	–	cve
CVE	CVE-2020-16127	11 Nov 202004:10	–	cve
Cvelist	CVE-2018-14036	13 Jul 201812:00	–	cvelist
Cvelist	CVE-2020-16126 accountsservice drops ruid, allows unprivileged users to send it signals	11 Nov 202004:10	–	cvelist

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	16.04	amd64	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_amd64.deb
Ubuntu	16.04	arm64	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_arm64.deb
Ubuntu	16.04	armhf	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_armhf.deb
Ubuntu	16.04	i386	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_i386.deb
Ubuntu	16.04	powerpc	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_powerpc.deb
Ubuntu	16.04	ppc64el	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_ppc64el.deb
Ubuntu	16.04	s390x	accountsservice	0.6.40-2ubuntu11.6	accountsservice_0.6.40-2ubuntu11.6_s390x.deb
Ubuntu	18.04	amd64	accountsservice	0.6.45-1ubuntu1.3	accountsservice_0.6.45-1ubuntu1.3_amd64.deb
Ubuntu	18.04	arm64	accountsservice	0.6.45-1ubuntu1.3	accountsservice_0.6.45-1ubuntu1.3_arm64.deb
Ubuntu	18.04	armhf	accountsservice	0.6.45-1ubuntu1.3	accountsservice_0.6.45-1ubuntu1.3_armhf.deb

03 Nov 2020 15:16Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 36.5

CVSS 3.13.3 - 5.5

EPSS0.01989

accountsservice ubuntu vulnerabilities denial of service cve-2020-16126 cve-2020-16127 cve-2018-14036