Bug#650021: CVE-2011-4349: SQL injection

[Christopher James Halse Rogers]

 tags pending
 thanks

I don't believe this would affect other applications; colord in Debian
is run as the colord system user, rather than as root.

This is fixed in colord 0.1.15, which should be uploaded soon.  Tagging
as such.



signature.asc
Description: This is a digitally signed message part

Bug#650021: CVE-2011-4349: SQL injection

[Moritz Muehlenhoff]

Source: colord
Severity: grave
Tags: security

Hi,
the following vulnerability was reported on oss-security by Ludwig
Nussel of SuSE:

colord did not quote user supplied strings which made it prone to
SQL injections:
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.novell.com/show_bug.cgi?id=698250

When colord runs as root and local active users are allowed to
create new devices (both are the defaults AFAIK) this allows not
only to corrupt colord's own database but also to leverage it to
modify other databases in the system (PackageKit for example also
uses sqlite).

Patches:
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e

This has been assigned CVE-2011-4349.

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org