- Vulnerability/
- USN-6190-1
USN-6190-1: AccountsService vulnerability
First published: Wed Jun 28 2023(Updated: )
Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/accountsservice | <22.08.8-1ubuntu7.1 | 22.08.8-1ubuntu7.1 |
| =23.04 | ||
| All of | ||
| ubuntu/libaccountsservice0 | <22.08.8-1ubuntu7.1 | 22.08.8-1ubuntu7.1 |
| =23.04 | ||
| All of | ||
| ubuntu/accountsservice | <22.08.8-1ubuntu1.1 | 22.08.8-1ubuntu1.1 |
| =22.10 | ||
| All of | ||
| ubuntu/libaccountsservice0 | <22.08.8-1ubuntu1.1 | 22.08.8-1ubuntu1.1 |
| =22.10 | ||
| All of | ||
| ubuntu/accountsservice | <22.07.5-2ubuntu1.4 | 22.07.5-2ubuntu1.4 |
| =22.04 | ||
| All of | ||
| ubuntu/libaccountsservice0 | <22.07.5-2ubuntu1.4 | 22.07.5-2ubuntu1.4 |
| =22.04 | ||
| All of | ||
| ubuntu/accountsservice | <0.6.55-0ubuntu12~20.04.6 | 0.6.55-0ubuntu12~20.04.6 |
| =20.04 | ||
| All of | ||
| ubuntu/libaccountsservice0 | <0.6.55-0ubuntu12~20.04.6 | 0.6.55-0ubuntu12~20.04.6 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-3297
- https://ubuntu.com/security/notices/USN-6190-2
- https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu7.1
- https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu1.1
- https://launchpad.net/ubuntu/+source/accountsservice/22.07.5-2ubuntu1.4
- https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.6
- https://ubuntu.com/security/notices/USN-6190-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this AccountsService vulnerability?
The vulnerability ID for this AccountsService vulnerability is USN-6190-1.
What is the impact of this vulnerability?
The vulnerability allows a local attacker to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.
Which software versions are affected by this vulnerability?
The affected software versions include accountsservice 22.08.8-1ubuntu7.1, libaccountsservice0 22.08.8-1ubuntu7.1, accountsservice 22.08.8-1ubuntu1.1, libaccountsservice0 22.08.8-1ubuntu1.1, accountsservice 22.07.5-2ubuntu1.4, libaccountsservice0 22.07.5-2ubuntu1.4, accountsservice 0.6.55-0ubuntu12~20.04.6, and libaccountsservice0 0.6.55-0ubuntu12~20.04.6.
How can I fix this vulnerability?
To fix this vulnerability, update the affected software to the recommended version provided by the vendor.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following references: https://ubuntu.com/security/CVE-2023-3297, https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu7.1, https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu1.1
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6190-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04