First published: Fri Jul 13 2018
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Freedesktop Accountsservice | <0.6.50 | |
https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
The vulnerability ID for this vulnerability is CVE-2018-14036.
The severity of CVE-2018-14036 is medium with a severity value of 6.5.
Freedesktop Accountsservice versions before 0.6.50 are affected by CVE-2018-14036.
To fix CVE-2018-14036, update the AccountsService software to version 0.6.50 or later.