Description
Security update for colord
This update for colord fixes the following issues:
- CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750).
Package list
Container suse/kiosk/firefox-esr:latest
- libcolord2-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
- libcolord2-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
- libcolord2-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
- colord-color-profiles-1.4.6-150600.3.8.1
- libcolord-devel-1.4.6-150600.3.8.1
- libcolorhug2-1.4.6-150600.3.8.1
- typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
- typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
- colord-color-profiles-1.4.6-150600.3.8.1
- libcolord-devel-1.4.6-150600.3.8.1
- libcolorhug2-1.4.6-150600.3.8.1
- typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
- typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
- colord-1.4.6-150600.3.8.1
- colord-color-profiles-1.4.6-150600.3.8.1
- colord-lang-1.4.6-150600.3.8.1
- libcolord-devel-1.4.6-150600.3.8.1
- libcolord2-1.4.6-150600.3.8.1
- libcolorhug2-1.4.6-150600.3.8.1
- typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
- typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
- colord-1.4.6-150600.3.8.1
SUSE Linux Enterprise Workstation Extension 15 SP6
- colord-1.4.6-150600.3.8.1
- colord-lang-1.4.6-150600.3.8.1
SUSE Linux Enterprise Workstation Extension 15 SP7
- colord-1.4.6-150600.3.8.1
- colord-lang-1.4.6-150600.3.8.1
openSUSE Leap 15.6
- colord-1.4.6-150600.3.8.1
- colord-color-profiles-1.4.6-150600.3.8.1
- colord-lang-1.4.6-150600.3.8.1
- libcolord-devel-1.4.6-150600.3.8.1
- libcolord2-1.4.6-150600.3.8.1
- libcolord2-32bit-1.4.6-150600.3.8.1
- libcolorhug2-1.4.6-150600.3.8.1
- typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
- typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
References
- Link for SUSE-SU-2025:3949-1
- E-Mail link for SUSE-SU-2025:3949-1
- SUSE Security Ratings
- SUSE Bug 1250750
- SUSE CVE CVE-2021-42523 page
Description
There are two Information Disclosure vulnerabilities in colord, located in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. They exist because the 'err_msg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it.
Affected products
Container suse/kiosk/firefox-esr:latest:libcolord2-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libcolord2-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libcolord2-1.4.6-150600.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:colord-color-profiles-1.4.6-150600.3.8.1
References
- CVE-2021-42523
- SUSE Bug 1202802