CVE-2015-3256
Published: 26 October 2015
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
Notes
| Author | Note |
|---|---|
| sbeattie | likely need all the commits between 2015-06-18 and 2015-06-19 plus 2015-06-23 to address issues note that this only affected policykit versions that used javscript via libmozjs, which none of the ubuntu versions do |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
policykit-1 Launchpad, Ubuntu, Debian |
upstream |
Released
(0.113)
|
| precise |
Not vulnerable
(no libmozjs)
|
|
| trusty |
Not vulnerable
(no libmozjs)
|
|
| vivid |
Not vulnerable
(no libmozjs)
|
|
|
Patches: upstream: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f |
||