The authenticationagentnew function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpolkit-backend-1-dev": "0.105-4ubuntu3.14.04.2", "gir1.2-polkit-1.0": "0.105-4ubuntu3.14.04.2", "libpolkit-gobject-1-dev": "0.105-4ubuntu3.14.04.2", "libpolkit-agent-1-dev": "0.105-4ubuntu3.14.04.2", "libpolkit-gobject-1-0": "0.105-4ubuntu3.14.04.2", "libpolkit-gobject-1-0-dbgsym": "0.105-4ubuntu3.14.04.2", "libpolkit-agent-1-0-dbgsym": "0.105-4ubuntu3.14.04.2", "policykit-1-dbgsym": "0.105-4ubuntu3.14.04.2", "libpolkit-backend-1-0": "0.105-4ubuntu3.14.04.2", "libpolkit-agent-1-0": "0.105-4ubuntu3.14.04.2", "policykit-1-doc": "0.105-4ubuntu3.14.04.2", "libpolkit-backend-1-0-dbgsym": "0.105-4ubuntu3.14.04.2", "policykit-1": "0.105-4ubuntu3.14.04.2" } ] }