Detections
Analytics

openSUSE Security Update : colord (openSUSE-2011-57)

medium Nessus Plugin ID 74530

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

- Update to version 0.1.15 :

 + This release fixes an important security bug:
 CVE-2011-4349.

 + New Features :

 - Add a native driver for the Hughski ColorHug hardware

 - Export cd-math as three projects are now using it

 + Bugfixes :

 - Documentation fixes and improvements

 - Do not crash the daemon if adding the device to the db failed

 - Do not match any sensor device with a kernel driver

 - Don't be obscure when the user passes a device-id to colormgr

 - Fix a memory leak when getting properties from a device

 - Fix colormgr device-get-default-profile

 - Fix some conection bugs in colormgr

 - Fix some potential SQL injections

 - Make gusb optional

 - Only use the udev USB helper if the PID and VID have matches

 - Output the Huey calibration matrices when dumping the sensor

 - Changes from version 0.1.14 :

 + New Features :

 - Add defines for the i1 Display 3

 - Add two more DATA_source values to the specification

 - Align the output from colormgr get-devices and get-profiles

 - Allow cd-fix-profile to append and edit new metadata

 + Bugfixes :

 - Ensure non-native device are added with no driver module

 - Split the sensor and device udev code

 + Updated translations.

 - Run the colord daemon as user colord :

 + Add colord-polkit-annotate-owner.patch: add org.freedesktop.policykit.owner annotations to policy file so that running as colord user works.

 + Add a %pre script to create the colord user.

 + Add pwdutils Requires(pre), to make sure we can create the user.

 + Pass --with-daemon-user=colord to configure.

 + Package /var/lib/colord with the right user.

 + Add calls to autoreconf and intltoolize, as needed by above patch.

Solution

Update the affected colord packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=732996

Plugin Details

Severity: Medium

ID: 74530

File Name: openSUSE-2011-57.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:colord, p-cpe:/a:novell:opensuse:colord-debuginfo, p-cpe:/a:novell:opensuse:colord-debugsource, p-cpe:/a:novell:opensuse:colord-lang, p-cpe:/a:novell:opensuse:libcolord-devel, p-cpe:/a:novell:opensuse:libcolord1, p-cpe:/a:novell:opensuse:libcolord1-32bit, p-cpe:/a:novell:opensuse:libcolord1-debuginfo, p-cpe:/a:novell:opensuse:libcolord1-debuginfo-32bit, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/8/2011

Reference Information

CVE: CVE-2011-4349