Description
Security update for colord
This update for colord fixes the following issues:
- Rework fix for CVE-2021-42523 to avoid invalid pointer error during certain installations (bsc#1250750).
Package list
SUSE Linux Enterprise Server 12 SP5-LTSS
libcolord-devel-1.3.3-13.9.2
libcolord2-1.3.3-13.9.2
libcolord2-32bit-1.3.3-13.9.2
libcolorhug2-1.3.3-13.9.2
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libcolord-devel-1.3.3-13.9.2
libcolord2-1.3.3-13.9.2
libcolord2-32bit-1.3.3-13.9.2
libcolorhug2-1.3.3-13.9.2
References
- Link for SUSE-SU-2025:4483-1
- E-Mail link for SUSE-SU-2025:4483-1
- SUSE Security Ratings
- SUSE Bug 1202802
- SUSE Bug 1250750
- SUSE CVE CVE-2021-42523 page
Description
There are two Information Disclosure vulnerabilities in colord, located in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. They exist because the 'err_msg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it.
Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:libcolord-devel-1.3.3-13.9.2
SUSE Linux Enterprise Server 12 SP5-LTSS:libcolord2-1.3.3-13.9.2
SUSE Linux Enterprise Server 12 SP5-LTSS:libcolord2-32bit-1.3.3-13.9.2
SUSE Linux Enterprise Server 12 SP5-LTSS:libcolorhug2-1.3.3-13.9.2
References
- CVE-2021-42523
- SUSE Bug 1202802