GNOME AccountsService does not properly validate the filepaths of user icon files in the user.c:user_change_icon_file_authorized_cb() function. An attacker could exploit this by providing a crafted path via a D-Bus message and replacing it with a symlink. Third party applications that trust this path can potentially read from its location as root and try to interpret it as an image file.

External Reference: http://www.openwall.com/lists/oss-security/2018/07/02/2

Upstream Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107085
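A defensive pattern for a privileged consumer that is handed an icon path like the one described above, as an added example that is not code from AccountsService or its upstream fix. The helper name `open_icon_nofollow` and the owner and size policy are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an untrusted icon path without following a
 * symlink, then validate the object that was actually opened.
 * Returns a read-only fd, or -1 with errno set. */
int open_icon_nofollow(const char *path, uid_t owner, off_t max_size)
{
    /* O_NOFOLLOW fails with ELOOP when the final path component is a symlink
     * (it does not cover symlinked parent directories). O_NONBLOCK avoids
     * hanging on a FIFO planted at the path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat() inspects the open descriptor, so a later swap of the path
     * cannot change what is being checked. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_size > max_size) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample: a regular file and a symlink pointing at it. */
    char dir[] = "/tmp/icon-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(file, sizeof file, "%s/face", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int w = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (w < 0 || symlink(file, lnk) != 0) return 1;
    close(w);
    const char *paths[] = { file, lnk };
    for (int i = 0; i < 2; i++) {
        int fd = open_icon_nofollow(paths[i], geteuid(), 1 << 20);
        printf("%s -> %s\n", paths[i], fd >= 0 ? "opened" : strerror(errno));
        if (fd >= 0) close(fd);
    }
    return 0;
}
```

The caller should read the image from the returned descriptor rather than reopening the path.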
Created accountsservice tracking bugs for this issue:

Affects: fedora-all [bug 1597497]
openSUSE Bug: https://bugzilla.novell.com/show_bug.cgi?id=1099699
*** This bug has been marked as a duplicate of bug 1601019 ***