1
Candidate: CVE-2015-3218
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3218
5
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
7
The authentication_agent_new function in
8
polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit)
9
before 0.113 allows local users to cause a denial of service (NULL pointer
10
dereference and polkitd daemon crash) by calling
11
RegisterAuthenticationAgent with an invalid object path.
15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787932
16
https://bugs.freedesktop.org/show_bug.cgi?id=90829
18
Discovered-by: Tavis Ormandy
22
upstream: http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
23
upstream_policykit-1: released (0.105-11)
24
precise_policykit-1: ignored (reached end-of-life)
25
precise/esm_policykit-1: needed
26
trusty_policykit-1: needed
27
utopic_policykit-1: ignored (reached end-of-life)
28
vivid_policykit-1: ignored (reached end-of-life)
29
vivid/stable-phone-overlay_policykit-1: ignored (reached end-of-life)
30
vivid/ubuntu-core_policykit-1: DNE
31
wily_policykit-1: not-affected (0.105-11)
32
xenial_policykit-1: not-affected (0.105-11)
33
yakkety_policykit-1: not-affected (0.105-11)
34
zesty_policykit-1: not-affected (0.105-11)
35
artful_policykit-1: not-affected (0.105-11)
36
bionic_policykit-1: not-affected (0.105-11)
37
devel_policykit-1: not-affected (0.105-11)