[USN-5149-1] AccountsService vulnerability

========================================================================== Ubuntu Security Notice USN-5149-1 November 16, 2021
accountsservice vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10 – Ubuntu 21.04 – Ubuntu 20.04 LTS
Summary:
AccountsService could be made to crash or run programs as an administrator if it received a specially crafted command.
Software Description: – accountsservice: query and manipulate user account information
Details:
Kevin Backhouse discovered that AccountsService incorrectly handled memory when performing certain language setting operations. A local attacker could use this issue to escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: accountsservice 0.6.55-0ubuntu14.1 libaccountsservice0 0.6.55-0ubuntu14.1
Ubuntu 21.04: accountsservice 0.6.55-0ubuntu13.3 libaccountsservice0 0.6.55-0ubuntu13.3
Ubuntu 20.04 LTS: accountsservice 0.6.55-0ubuntu12~20.04.5 libaccountsservice0 0.6.55-0ubuntu12~20.04.5
After a standard system update you need to reboot your computer to make all the necessary changes.
References: ubuntu.com/security/notices/USN-5149-1 CVE-2021-3939
Package Information: launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu14.1 launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu13.3 launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.5