CVE-2015-0245 (retired)

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x
before 1.9.10 does not validate the source of ActivationFailure signals,
which allows local users to cause a denial of service (activation failure
error returned) by leveraging a race condition involving sending an
ActivationFailure signal before systemd responds.
 sarnold> The policy change is recommended for stable use, though the
  code-based changes were made for platforms where uid==0 may not be
  omnipotent -- we should probably use both in our packages, or at least
  both for the versions with distro-patched AppArmor support.
More Information

Updated: 2019-03-26 12:14:09 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)