CVE-2015-3256

Publication date 26 October 2015

Last updated 24 July 2024

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
policykit-1	15.04 vivid	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Notes

sbeattie

likely need all the commits between 2015-06-18 and 2015-06-19 plus 2015-06-23 to address issues note that this only affected policykit versions that used javscript via libmozjs, which none of the ubuntu versions do

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
policykit-1	Upstream: ?id=9f5

References

MITRE
NVD
Launchpad
Debian

Other references

https://bugs.freedesktop.org/show_bug.cgi?id=69501
https://bugzilla.redhat.com/show_bug.cgi?id=910262#c75
https://www.cve.org/CVERecord?id=CVE-2015-3256