Hayawardh Vijayakumar

**Name of the Vulnerable Software and Affected Versions** AccountsService versions prior to 0.6.14-1git1ubuntu1.1 **Description** The issue allows local users to modify arbitrary files due to improper privilege handling when changing language settings. **Recommendations** For versions prior to 0.6.14-1git1ubuntu1.1, update to version 0.6.14-1git1ubuntu1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** apache2 versions 2.2.16-6+squeeze10 and earlier, versions 2.2.22-12 and earlier **Description** The issue is related to the improper creation of the /var/lock/apache2 lock directory by the apache2ctl script in the apache2 package for the Apache HTTP Server on Debian GNU/Linux. This allows local users to gain privileges via an unspecified symlink attack. **Recommendations** For versions 2.2.16-6+squeeze10 and earlier, update to version 2.2.16-6+squeeze11 or later. For versions 2.2.22-12 and earlier, update to version 2.2.22-13 or later.