CVE-2015-3256

Published: 26 October 2015

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

Priority

Low

Status

Package: policykit-1 (Launchpad, Ubuntu, Debian)

Release: Upstream
Status: Released (0.113)

Release: Ubuntu 14.04 ESM (Trusty Tahr)
Status: Not vulnerable (no libmozjs)

Patches:
Upstream: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f

Notes

Author: sbeattie
Note:
likely need all the commits between 2015-06-18 and 2015-06-19 plus 2015-06-23 to address issues
note that this only affected policykit versions that used javascript via libmozjs, which none of the Ubuntu versions do

References