CVE-2015-3218

Priority
Description
The authentication_agent_new function in
polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit)
before 0.113 allows local users to cause a denial of service (NULL pointer
dereference and polkitd daemon crash) by calling
RegisterAuthenticationAgent with an invalid object path.
Assigned-to
mdeslaur
Package
Upstream:released (0.105-11)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):released (0.105-4ubuntu3.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.105-11)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.105-11)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (0.105-11)
Ubuntu 19.04 (Disco Dingo):not-affected (0.105-11)
Patches:
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
More Information

Updated: 2019-01-14 21:17:03 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)