openSUSE Security Update : colord (openSUSE-2011-57)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- Update to version 0.1.15 :

+ This release fixes an important security bug:
CVE-2011-4349.

+ New Features :

- Add a native driver for the Hughski ColorHug hardware

- Export cd-math as three projects are now using it

+ Bugfixes :

- Documentation fixes and improvements

- Do not crash the daemon if adding the device to the db
failed

- Do not match any sensor device with a kernel driver

- Don't be obscure when the user passes a device-id to
colormgr

- Fix a memory leak when getting properties from a device

- Fix colormgr device-get-default-profile

- Fix some conection bugs in colormgr

- Fix some potential SQL injections

- Make gusb optional

- Only use the udev USB helper if the PID and VID have
matches

- Output the Huey calibration matrices when dumping the
sensor

- Changes from version 0.1.14 :

+ New Features :

- Add defines for the i1 Display 3

- Add two more DATA_source values to the specification

- Align the output from colormgr get-devices and
get-profiles

- Allow cd-fix-profile to append and edit new metadata

+ Bugfixes :

- Ensure non-native device are added with no driver module

- Split the sensor and device udev code

+ Updated translations.

- Run the colord daemon as user colord :

+ Add colord-polkit-annotate-owner.patch: add
org.freedesktop.policykit.owner annotations to policy
file so that running as colord user works.

+ Add a %pre script to create the colord user.

+ Add pwdutils Requires(pre), to make sure we can create
the user.

+ Pass --with-daemon-user=colord to configure.

+ Package /var/lib/colord with the right user.

+ Add calls to autoreconf and intltoolize, as needed by
above patch.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=732996

Solution :

Update the affected colord packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74530 ()

Bugtraq ID:

CVE ID: CVE-2011-4349

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now