Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-3255

Published: 26 October 2015

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

Priority

Low

Status

Package Release Status
policykit-1
Launchpad, Ubuntu, Debian
artful
Released (0.105-11ubuntu1)
bionic
Released (0.105-11ubuntu1)
trusty
Released (0.105-4ubuntu3.14.04.2)
upstream Needs triage

vivid Ignored
(end of life)
wily
Released (0.105-11ubuntu1)
xenial
Released (0.105-11ubuntu1)
yakkety
Released (0.105-11ubuntu1)
zesty
Released (0.105-11ubuntu1)
precise Ignored
(end of life)
Patches:
upstream: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f