SUSE-SU-2022:4170-1

Опубликовано: 22 нояб. 2022

Источник: suse-cvrf

Описание

Security update for colord

This update for colord fixes the following issues:

CVE-2021-42523: Fixed small memory leak in sqlite3_exec (bsc#1202802).

Список пакетов

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libcolord2-1.4.4-150200.4.6.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libcolord2-1.4.4-150200.4.6.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libcolord2-1.4.4-150200.4.6.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libcolord2-1.4.4-150200.4.6.1

SUSE Linux Enterprise Micro 5.2

libcolord2-1.4.4-150200.4.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libcolord2-1.4.4-150200.4.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

colord-color-profiles-1.4.4-150200.4.6.1

libcolord-devel-1.4.4-150200.4.6.1

libcolorhug2-1.4.4-150200.4.6.1

typelib-1_0-Colord-1_0-1.4.4-150200.4.6.1

typelib-1_0-Colorhug-1_0-1.4.4-150200.4.6.1

SUSE Linux Enterprise Workstation Extension 15 SP3

colord-1.4.4-150200.4.6.1

colord-lang-1.4.4-150200.4.6.1

openSUSE Leap 15.3

colord-1.4.4-150200.4.6.1

colord-color-profiles-1.4.4-150200.4.6.1

colord-lang-1.4.4-150200.4.6.1

libcolord-devel-1.4.4-150200.4.6.1

libcolord2-1.4.4-150200.4.6.1

libcolord2-32bit-1.4.4-150200.4.6.1

libcolorhug2-1.4.4-150200.4.6.1

typelib-1_0-Colord-1_0-1.4.4-150200.4.6.1

typelib-1_0-Colorhug-1_0-1.4.4-150200.4.6.1

openSUSE Leap Micro 5.2

libcolord2-1.4.4-150200.4.6.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224170-1/
Link for SUSE-SU-2022:4170-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013068.html
E-Mail link for SUSE-SU-2022:4170-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202802
SUSE Bug 1202802
https://www.suse.com/security/cve/CVE-2021-42523/
SUSE CVE CVE-2021-42523 page

Описание

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libcolord2-1.4.4-150200.4.6.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libcolord2-1.4.4-150200.4.6.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libcolord2-1.4.4-150200.4.6.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libcolord2-1.4.4-150200.4.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-42523.html
CVE-2021-42523
https://bugzilla.suse.com/1202802
SUSE Bug 1202802

SUSE-SU-2022:4170-1

Описание

Список пакетов

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Module for Basesystem 15 SP3

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

SUSE Linux Enterprise Workstation Extension 15 SP3

openSUSE Leap 15.3

openSUSE Leap Micro 5.2

Ссылки

Уязвимость: CVE-2021-42523

Описание

Затронутые продукты

Ссылки