CVE-2015-0245

Priority
Description
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x
before 1.9.10 does not validate the source of ActivationFailure signals,
which allows local users to cause a denial of service (activation failure
error returned) by leveraging a race condition involving sending an
ActivationFailure signal before systemd responds.
Assigned-to
mdeslaur
Notes
sarnoldThe policy change is recommended for stable use, though the
code-based changes were made for platforms where uid==0 may not be
omnipotent -- we should probably use both in our packages, or at least
both for the versions with distro-patched AppArmor support.
More Information

Updated: 2020-07-28 19:53:23 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)