Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie
purl pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie
Next non-vulnerable version 22.08.8-4
Latest non-vulnerable version 23.13.9-8
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-y4tn-cs9p-v7eh
Aliases:
CVE-2012-6655
accountsservice: local encrypted password disclosure when changing password
22.08.8-4
Affected by 0 other vulnerabilities.
22.08.8-6
Affected by 0 other vulnerabilities.
23.13.9-7
Affected by 0 other vulnerabilities.
23.13.9-8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (8)
Vulnerability Summary Aliases
VCID-4wd1-kxpx-9ugm An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. CVE-2020-16127
VCID-84wd-4hfs-cbdm The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. CVE-2011-4406
VCID-91vz-futd-tkfa The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition. CVE-2012-2737
VCID-bqzt-u1sk-3fht accountsservice no longer drops permissions when writting .pam_environment CVE-2022-1804
VCID-bxkw-9x1u-sbhm accountsservice: use-after-free via a D-Bus message to the accounts-daemon process CVE-2023-3297
VCID-chd6-4yfy-x7hg An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. CVE-2020-16126
VCID-p9ht-pahu-wbea accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c CVE-2018-14036
VCID-pnj9-7czc-pqfc Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1. CVE-2021-3939

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:18:18.851979+00:00 Debian Importer Fixing VCID-91vz-futd-tkfa https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:08:03.974538+00:00 Debian Importer Fixing VCID-4wd1-kxpx-9ugm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:58:16.796779+00:00 Debian Importer Fixing VCID-bxkw-9x1u-sbhm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:46:57.143633+00:00 Debian Importer Fixing VCID-84wd-4hfs-cbdm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:46:46.053257+00:00 Debian Importer Fixing VCID-p9ht-pahu-wbea https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:44:30.650440+00:00 Debian Importer Fixing VCID-bqzt-u1sk-3fht https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:14:13.601562+00:00 Debian Importer Fixing VCID-pnj9-7czc-pqfc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:01:23.780521+00:00 Debian Importer Fixing VCID-chd6-4yfy-x7hg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:09:56.952047+00:00 Debian Importer Fixing VCID-91vz-futd-tkfa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:02:01.748083+00:00 Debian Importer Fixing VCID-4wd1-kxpx-9ugm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:54:38.440142+00:00 Debian Importer Fixing VCID-bxkw-9x1u-sbhm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:17:45.552619+00:00 Debian Importer Fixing VCID-84wd-4hfs-cbdm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:17:36.464071+00:00 Debian Importer Fixing VCID-p9ht-pahu-wbea https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:15:49.967607+00:00 Debian Importer Fixing VCID-bqzt-u1sk-3fht https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:53:00.867028+00:00 Debian Importer Fixing VCID-pnj9-7czc-pqfc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:43:16.816846+00:00 Debian Importer Fixing VCID-chd6-4yfy-x7hg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:19:29.797545+00:00 Debian Importer Affected by VCID-y4tn-cs9p-v7eh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:18:02.912314+00:00 Debian Importer Fixing VCID-91vz-futd-tkfa https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:17:28.103149+00:00 Debian Importer Fixing VCID-4wd1-kxpx-9ugm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:16:48.704412+00:00 Debian Importer Fixing VCID-bxkw-9x1u-sbhm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:09:25.181920+00:00 Debian Importer Fixing VCID-84wd-4hfs-cbdm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:09:25.004106+00:00 Debian Importer Fixing VCID-p9ht-pahu-wbea https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:09:16.445963+00:00 Debian Importer Fixing VCID-bqzt-u1sk-3fht https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:07:25.149403+00:00 Debian Importer Fixing VCID-pnj9-7czc-pqfc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:45.903798+00:00 Debian Importer Fixing VCID-chd6-4yfy-x7hg https://security-tracker.debian.org/tracker/data/json 38.1.0