This bug was fixed in the package accountsservice - 22.07.5-2ubuntu2
---------------
accountsservice (22.07.5-2ubuntu2) kinetic; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: accountsservice incorrect privilege dropping
(LP: #1974250)
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid, and migrate root-owned .pam_environment file.
- This change was originally known as CVE-2020-16126 and got reverted
by mistake in 0.6.55-3ubuntu1.
- CVE-2022-1804
* Fix FTBFS with a newer python-dbusmock package:
- debian/patches/adduser_invocation.patch: fix invocation of AddUser in
tests/dbusmock/accounts_service.py.
- debian/patches/setlocked_signature.patch: fix the signature for the
SetLocked call in tests/dbusmock/accounts_service.py.
-- Gunnar Hjalmarsson <gunna...@ubuntu.com> Tue, 24 May 2022 19:53:07
+0200
** Changed in: accountsservice (Ubuntu Kinetic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1974250
Title:
~/.pam_environment gets created as owned by root
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
