Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-2737

Published: 28 June 2012

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Priority

Medium

Status

Package Release Status
accountsservice
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Ignored
(end of life)
oneiric
Released (0.6.14-1git1ubuntu1.2)
precise
Released (0.6.15-2ubuntu9.1)
quantal
Released (0.6.15-2ubuntu10)
upstream
Released (0.6.22)
Patches:
upstream: http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5
upstream: http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721
upstream: http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d