Bug 943816 (CVE-2015-3256) - VUL-0: CVE-2015-3256: polkit: Memory corruption via javascript rule evaluation
Summary: VUL-0: CVE-2015-3256: polkit: Memory corruption via javascript rule evaluation
Status: RESOLVED FIXED
Alias: CVE-2015-3256
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/153728/
Whiteboard: CVSSv2:RedHat:CVE-2015-3256:4.4:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-31 13:36 UTC by Sebastian Krahmer
Modified: 2016-04-27 19:44 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
CVE-2015-3256 (23.95 KB, patch)
2015-10-02 09:58 UTC, Andreas Stieger 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-08-31 13:36:21 UTC 
Various DoS and memory corruption issues were fixed in the polkit daemon.
Anyone who can send DBUS messages can crash/exploit this.

rh#1245684



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1245684
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3256
Comment 1 Swamp Workflow Management 2015-08-31 22:00:25 UTC 
bugbot adjusting priority
Comment 3 Andreas Stieger 2015-10-02 09:58:32 UTC 
Created attachment 649884 [details]
CVE-2015-3256

combined patch generated via
git format-patch d7da6a23766e9c95fa333a0a9c742f7397c0ad22 -10

Applies cleanly to SLE 12 Version

Note that this is about half the difference between 0.112 and 0.113, with bug CVE-2015-3218, bug CVE-2015-4625 and bug CVE-2015-3255 also fixed in that release. A minor version upgrade may be less regression prone than back-porting 80% of the upstream changes.
Comment 4 Marcus Meissner 2015-10-02 11:36:45 UTC 
no javascript in sle11 policykit, so not affected ;)
Comment 6 Swamp Workflow Management 2015-10-14 08:10:55 UTC 
openSUSE-SU-2015:1734-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 933922,935119,939246,943816
CVE References: CVE-2015-3218,CVE-2015-3255,CVE-2015-3256,CVE-2015-4625
Sources used:
openSUSE 13.2 (src):    polkit-0.113-3.8.1
openSUSE 13.1 (src):    polkit-0.113-9.1
Comment 8 Swamp Workflow Management 2015-10-28 11:11:17 UTC 
SUSE-SU-2015:1838-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 912889,933922,935119,939246,943816,950114
CVE References: CVE-2015-3218,CVE-2015-3255,CVE-2015-3256,CVE-2015-4625
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    polkit-0.113-4.1
SUSE Linux Enterprise Software Development Kit 12 (src):    polkit-0.113-4.1
SUSE Linux Enterprise Server 12 (src):    polkit-0.113-4.1
SUSE Linux Enterprise Desktop 12 (src):    polkit-0.113-4.1
Comment 9 Swamp Workflow Management 2015-11-06 17:12:02 UTC 
openSUSE-SU-2015:1927-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 912889,933922,935119,939246,943816,950114
CVE References: CVE-2015-3218,CVE-2015-3255,CVE-2015-3256,CVE-2015-4625
Sources used:
openSUSE Leap 42.1 (src):    polkit-0.113-6.1
Comment 10 Sebastian Krahmer 2015-11-24 08:54:03 UTC 
released