Security update for accountsservice
This update for accountsservice fixes the following issues:
This security issue was fixed:
- CVE-2018-14036: Prevent directory traversal caused by an insufficient path
check in user_change_icon_file_authorized_cb() (bsc#1099699)
Thsese non-security issues were fixed:
- Don't abort loading users when an /etc/shadow entry is missing. (bsc#1090003)
- When user session type is wayland, act_user_is_logged_in can return TRUE if the user is logged in. (bsc#1095918)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Felix Zhang (zhangxiaofei)
Fixed bugs
bnc#1099699
VUL-1: accountsservice: insufficient path check in user_change_icon_file_authorized_cb()
bnc#1090003
openQA test fails in first_boot - Normal user is not listed at GDM login screen after migrating from SLE11SP4
bnc#1095918
GNOME sessions should not be allowed to select for the logged-in user in gdm
