openSUSE Security Update: Security update for accountsservice ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:3710-1 Rating: moderate References: Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for accountsservice fixes the following issues: This security issue was fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699) Thsese non-security issues were fixed: - Don't abort loading users when an /etc/shadow entry is missing. (bsc#1090003) - When user session type is wayland, act_user_is_logged_in can return TRUE if the user is logged in. (bsc#1095918) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1380=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): accountsservice-0.6.45-lp150.3.3.1 accountsservice-debuginfo-0.6.45-lp150.3.3.1 accountsservice-debugsource-0.6.45-lp150.3.3.1 accountsservice-devel-0.6.45-lp150.3.3.1 libaccountsservice0-0.6.45-lp150.3.3.1 libaccountsservice0-debuginfo-0.6.45-lp150.3.3.1 typelib-1_0-AccountsService-1_0-0.6.45-lp150.3.3.1 - openSUSE Leap 15.0 (noarch): accountsservice-lang-0.6.45-lp150.3.3.1 References: -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org