Security update for colord SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4483-1 Final 1 1 2025-12-18T12:29:27Z current 2025-12-18T12:29:27Z 2025-12-18T12:29:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for colord This update for colord fixes the following issues: - Rework fix for CVE-2021-42523 to avoid invalid pointer error during certain installations (bsc#1250750). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4483,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4483,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4483 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254483-1/ Link for SUSE-SU-2025:4483-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023613.html E-Mail link for SUSE-SU-2025:4483-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202802 SUSE Bug 1202802 https://bugzilla.suse.com/1250750 SUSE Bug 1250750 https://www.suse.com/security/cve/CVE-2021-42523/ SUSE CVE CVE-2021-42523 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 colord-1.3.3-13.9.2 colord-lang-1.3.3-13.9.2 libcolord-devel-1.3.3-13.9.2 libcolord2-1.3.3-13.9.2 libcolord2-32bit-1.3.3-13.9.2 libcolord2-64bit-1.3.3-13.9.2 libcolorhug2-1.3.3-13.9.2 typelib-1_0-ColorHug-1_0-1.3.3-13.9.2 typelib-1_0-Colord-1_0-1.3.3-13.9.2 libcolord-devel-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libcolord2-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libcolord2-32bit-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libcolorhug2-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libcolord-devel-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcolord2-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcolord2-32bit-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcolorhug2-1.3.3-13.9.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it. CVE-2021-42523 SUSE Linux Enterprise Server 12 SP5-LTSS:libcolord-devel-1.3.3-13.9.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libcolord2-1.3.3-13.9.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libcolord2-32bit-1.3.3-13.9.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libcolorhug2-1.3.3-13.9.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcolord-devel-1.3.3-13.9.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcolord2-1.3.3-13.9.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcolord2-32bit-1.3.3-13.9.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcolorhug2-1.3.3-13.9.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254483-1/ https://www.suse.com/security/cve/CVE-2021-42523.html CVE-2021-42523 https://bugzilla.suse.com/1202802 SUSE Bug 1202802