Security update for colord SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3899-1 Final 1 1 2025-10-31T14:56:12Z current 2025-10-31T14:56:12Z 2025-10-31T14:56:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for colord This update for colord fixes the following issues: - CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3899,SUSE-SLE-Micro-5.3-2025-3899,SUSE-SLE-Micro-5.4-2025-3899,SUSE-SLE-Micro-5.5-2025-3899 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253899-1/ Link for SUSE-SU-2025:3899-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/023130.html E-Mail link for SUSE-SU-2025:3899-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250750 SUSE Bug 1250750 https://www.suse.com/security/cve/CVE-2021-42523/ SUSE CVE CVE-2021-42523 page SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 colord-1.4.5-150400.4.9.1 colord-color-profiles-1.4.5-150400.4.9.1 colord-lang-1.4.5-150400.4.9.1 libcolord-devel-1.4.5-150400.4.9.1 libcolord2-1.4.5-150400.4.9.1 libcolord2-32bit-1.4.5-150400.4.9.1 libcolord2-64bit-1.4.5-150400.4.9.1 libcolorhug2-1.4.5-150400.4.9.1 typelib-1_0-Colord-1_0-1.4.5-150400.4.9.1 typelib-1_0-Colorhug-1_0-1.4.5-150400.4.9.1 libcolord2-1.4.5-150400.4.9.1 as a component of SUSE Linux Enterprise Micro 5.3 libcolord2-1.4.5-150400.4.9.1 as a component of SUSE Linux Enterprise Micro 5.4 libcolord2-1.4.5-150400.4.9.1 as a component of SUSE Linux Enterprise Micro 5.5 There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it. CVE-2021-42523 SUSE Linux Enterprise Micro 5.3:libcolord2-1.4.5-150400.4.9.1 SUSE Linux Enterprise Micro 5.4:libcolord2-1.4.5-150400.4.9.1 SUSE Linux Enterprise Micro 5.5:libcolord2-1.4.5-150400.4.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253899-1/ https://www.suse.com/security/cve/CVE-2021-42523.html CVE-2021-42523 https://bugzilla.suse.com/1202802 SUSE Bug 1202802