vulnerability

Ubuntu: USN-5149-1 (CVE-2021-3939): AccountsService vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Nov 17, 2021	Mar 22, 2023	Aug 18, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Nov 17, 2021

Added

Mar 22, 2023

Modified

Aug 18, 2025

Description

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

Solutions

ubuntu-upgrade-accountsserviceubuntu-upgrade-libaccountsservice0

References

CVE-2021-3939
https://attackerkb.com/topics/CVE-2021-3939
CWE-590
CWE-763
UBUNTU-USN-5149-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today