Ubuntu alert USN-6687-1 (accountsservice)

From:
             
 
Marc Deslauriers <marc.deslauriers@canonical.com>
To:
             
 
"ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:
             
 
[USN-6687-1] AccountsService vulnerability
Date:
             
 
Mon, 11 Mar 2024 10:10:31 -0400
Message-ID:
             
 
<3b079ff3-39dd-44c9-84fc-20c43bc0538b@canonical.com>
==========================================================================
Ubuntu Security Notice USN-6687-1
March 11, 2024

accountsservice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to expose sensitive information.

Software Description:
- accountsservice: query and manipulate user account information

Details:

It was discovered that AccountsService called a helper incorrectly when
performaing password change operations. A local attacker could possibly use
this issue to obtain encrypted passwords.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   accountsservice                 22.07.5-2ubuntu1.5
   libaccountsservice0             22.07.5-2ubuntu1.5

Ubuntu 20.04 LTS:
   accountsservice                 0.6.55-0ubuntu12~20.04.7
   libaccountsservice0             0.6.55-0ubuntu12~20.04.7

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6687-1
   CVE-2012-6655

Package Information:
   https://launchpad.net/ubuntu/+source/accountsservice/22.0...
   https://launchpad.net/ubuntu/+source/accountsservice/0.6....