CVE-2015-0245

Priority
Description
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x
before 1.9.10 does not validate the source of ActivationFailure signals,
which allows local users to cause a denial of service (activation failure
error returned) by leveraging a race condition involving sending an
ActivationFailure signal before systemd responds.
Notes
 sarnold> The policy change is recommended for stable use, though the
  code-based changes were made for platforms where uid==0 may not be
  omnipotent -- we should probably use both in our packages, or at least
  both for the versions with distro-patched AppArmor support.
Assigned-to
mdeslaur
More Information

Updated: 2018-10-31 21:18:01 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)