Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Ubuntu 11.10 USN-1289-1 Critical: colord Database Modification Risk

Calendar Dec 07, 2011 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical ubuntu database exploitation colord
colord could be made to modify databases. 
=========================================================================Ubuntu Security Notice USN-1289-1
December 07, 2011

colord vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

colord could be made to modify databases.

Software Description:
- colord: Service to manage device colour profiles

Details:

It was discovered that colord incorrectly handled certain SQL queries. A
local attacker could exploit this to modify arbitrary sqlite databases. On
Ubuntu, colord runs as its own user by default, so standard file
permissions would limit which databases could be altered.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  colord                          0.1.12-1ubuntu2.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1289-1
  CVE-2011-4349

Package Information:
  https://launchpad.net/ubuntu/+source/colord/0.1.12-1ubuntu2.1

Ubuntu 11.10 USN-1289-1 Critical: colord Database Modification Risk

ubuntu
Calendar Grey December 7, 2011
Dist Ubuntu Esm H88
A security flaw in Colord impacts Ubuntu 11.10, enabling local users to alter databases; prompt update advised.
colord could be made to modify databases.

Summary

Topics%20covered

Topics Covered

security advisory critical ubuntu database exploitation colord

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: colord 0.1.12-1ubuntu2.1 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1289-1

CVE-2011-4349

Severity
critical
Lowest
Low
Medium
High
Critical

December 07, 2011

Topics%20covered

Topics Covered

security advisory critical ubuntu database exploitation colord

Package Information

https://launchpad.net/ubuntu/+source/colord/0.1.12-1ubuntu2.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here