openSUSE Security Update : colord (openSUSE-2011-57)

Medium Nessus Plugin ID 74530


The remote openSUSE host is missing a security update.


- Update to version 0.1.15 :

+ This release fixes an important security bug:

+ New Features :

- Add a native driver for the Hughski ColorHug hardware

- Export cd-math as three projects are now using it

+ Bugfixes :

- Documentation fixes and improvements

- Do not crash the daemon if adding the device to the db failed

- Do not match any sensor device with a kernel driver

- Don't be obscure when the user passes a device-id to colormgr

- Fix a memory leak when getting properties from a device

- Fix colormgr device-get-default-profile

- Fix some conection bugs in colormgr

- Fix some potential SQL injections

- Make gusb optional

- Only use the udev USB helper if the PID and VID have matches

- Output the Huey calibration matrices when dumping the sensor

- Changes from version 0.1.14 :

+ New Features :

- Add defines for the i1 Display 3

- Add two more DATA_source values to the specification

- Align the output from colormgr get-devices and get-profiles

- Allow cd-fix-profile to append and edit new metadata

+ Bugfixes :

- Ensure non-native device are added with no driver module

- Split the sensor and device udev code

+ Updated translations.

- Run the colord daemon as user colord :

+ Add colord-polkit-annotate-owner.patch: add org.freedesktop.policykit.owner annotations to policy file so that running as colord user works.

+ Add a %pre script to create the colord user.

+ Add pwdutils Requires(pre), to make sure we can create the user.

+ Pass --with-daemon-user=colord to configure.

+ Package /var/lib/colord with the right user.

+ Add calls to autoreconf and intltoolize, as needed by above patch.


Update the affected colord packages.

See Also

Plugin Details

Severity: Medium

ID: 74530

File Name: openSUSE-2011-57.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:colord, p-cpe:/a:novell:opensuse:colord-debuginfo, p-cpe:/a:novell:opensuse:colord-debugsource, p-cpe:/a:novell:opensuse:colord-lang, p-cpe:/a:novell:opensuse:libcolord-devel, p-cpe:/a:novell:opensuse:libcolord1, p-cpe:/a:novell:opensuse:libcolord1-32bit, p-cpe:/a:novell:opensuse:libcolord1-debuginfo, p-cpe:/a:novell:opensuse:libcolord1-debuginfo-32bit, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2011/12/08

Reference Information

CVE: CVE-2011-4349