Bugzilla – Bug 1202802
VUL-0: CVE-2021-42523: colord: Information Disclosure vulnerabilities in colord/src/cd-device-db.c and colord/src/cd-profile-db.c
Last modified: 2022-12-12 14:20:18 UTC
CVE-2021-42523 There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42523 https://www.cve.org/CVERecord?id=CVE-2021-42523 https://github.com/hughsie/colord/issues/110
This is an autogenerated message for OBS integration: This bug (1202802) was mentioned in https://build.opensuse.org/request/show/1004766 Factory / colord
SUSE-SU-2022:3496-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1202802 CVE References: CVE-2021-42523 JIRA References: Sources used: openSUSE Leap 15.4 (src): colord-1.4.5-150400.4.3.1 SUSE Linux Enterprise Workstation Extension 15-SP4 (src): colord-1.4.5-150400.4.3.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): colord-1.4.5-150400.4.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): colord-1.4.5-150400.4.3.1 SUSE Linux Enterprise Micro 5.3 (src): colord-1.4.5-150400.4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Cleaning up GNOME CVE backlog. The fix has been submitted and accepted. Assign back to security team.
SUSE-SU-2022:4170-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 1202802 CVE References: CVE-2021-42523 JIRA References: Sources used: openSUSE Leap Micro 5.2 (src): colord-1.4.4-150200.4.6.1 openSUSE Leap 15.3 (src): colord-1.4.4-150200.4.6.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): colord-1.4.4-150200.4.6.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): colord-1.4.4-150200.4.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): colord-1.4.4-150200.4.6.1 SUSE Linux Enterprise Micro 5.2 (src): colord-1.4.4-150200.4.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4410-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1202802 CVE References: CVE-2021-42523 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): colord-1.3.3-13.3.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): colord-1.3.3-13.3.1 SUSE Linux Enterprise Server 12-SP5 (src): colord-1.3.3-13.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.