Rperier

**Name of the Vulnerable Software and Affected Versions** language-selector versions prior to 0.6.7 **Description** The issue concerns a lack of validation for arguments passed to certain functions, allowing local users to potentially gain privileges through the use of shell metacharacters in string arguments. This is related to the `SetSystemDefaultLangEnv` and `SetSystemDefaultLanguageEnv` functions in the D-Bus backend. **Recommendations** For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `SetSystemDefaultLangEnv` and `SetSystemDefaultLanguageEnv` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** language-selector versions prior to 0.6.7 **Description** The issue allows local users to modify system files, specifically /etc/default/locale and /etc/environment, by making certain calls to the D-Bus backend. This is possible because the dbus backend/ls-dbus-backend in language-selector does not properly restrict access based on PolicyKit check results, enabling unauthorized modifications via SetSystemDefaultLangEnv or SetSystemDefaultLanguageEnv calls. **Recommendations** For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue.