Описание
Security update for colord
This update for colord fixes the following issues:
- CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802).
Список пакетов
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libcolord2-1.3.3-13.3.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libcolord2-1.3.3-13.3.1
SUSE Linux Enterprise Server 12 SP5
libcolord2-1.3.3-13.3.1
libcolord2-32bit-1.3.3-13.3.1
libcolorhug2-1.3.3-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libcolord2-1.3.3-13.3.1
libcolord2-32bit-1.3.3-13.3.1
libcolorhug2-1.3.3-13.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libcolord-devel-1.3.3-13.3.1
typelib-1_0-ColorHug-1_0-1.3.3-13.3.1
typelib-1_0-Colord-1_0-1.3.3-13.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
colord-1.3.3-13.3.1
colord-lang-1.3.3-13.3.1
Ссылки
- Link for SUSE-SU-2022:4410-1
- E-Mail link for SUSE-SU-2022:4410-1
- SUSE Security Ratings
- SUSE Bug 1202802
- SUSE CVE CVE-2021-42523 page
Описание
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.
Затронутые продукты
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libcolord2-1.3.3-13.3.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libcolord2-1.3.3-13.3.1
SUSE Linux Enterprise Server 12 SP5:libcolord2-1.3.3-13.3.1
SUSE Linux Enterprise Server 12 SP5:libcolord2-32bit-1.3.3-13.3.1
Ссылки
- CVE-2021-42523
- SUSE Bug 1202802