Multiple SQL injection flaws were found in the way colord, a color daemon that maps color devices to color profiles in the system context, performed sanitization of SQL queries in database routines processing color device mappings and devices. If a local user was allowed to create new devices, and the colord daemon was run as root, a local attacker could use this flaw to corrupt colord's own database or potentially other system SQLite3-based and related databases (for example, the one used by the polkit daemon).
Relevant upstream patches:
These issues affect the versions of the colord package as shipped with Fedora releases 15 and 16. Please schedule an update.
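As an added illustration of the flaw class described in the report above (not part of the bug report and not colord's code): a device-mapping table where a caller-supplied device id is pasted into the SQL text, next to the bound-parameter form. It uses Python's `sqlite3` module rather than colord's C; the table layout, function names and device ids are assumptions constructed for the example.

```python
import sqlite3

# Hypothetical table and function names for a device -> profile mapping
# store; they are assumptions, not colord's schema or source.
def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mappings (device TEXT, profile TEXT)")
    db.executemany(
        "INSERT INTO mappings VALUES (?, ?)",
        [("xrandr-lvds", "icc-laptop"), ("sane-scanner", "icc-scan")],  # constructed rows
    )
    return db

def count(db):
    return db.execute("SELECT COUNT(*) FROM mappings").fetchone()[0]

def remove_device_unsafe(db, device_id):
    # Vulnerable pattern: the id becomes part of the SQL text, so a quote
    # inside it ends the string literal and the remainder is parsed as SQL.
    db.execute("DELETE FROM mappings WHERE device = '%s'" % device_id)
    return count(db)

def remove_device_safe(db, device_id):
    # Hardened pattern: the id is bound as a value and never parsed as SQL.
    db.execute("DELETE FROM mappings WHERE device = ?", (device_id,))
    return count(db)

# Constructed device ids, as an unprivileged caller might supply them.
QUOTED_ID = "x' OR '1'='1"     # widens the WHERE clause to every row
APOSTROPHE_ID = "Bob's panel"  # harmless name that still breaks the unsafe query

def demo():
    results = {}
    results["unsafe_quoted"] = remove_device_unsafe(open_db(), QUOTED_ID)
    results["safe_quoted"] = remove_device_safe(open_db(), QUOTED_ID)
    try:
        remove_device_unsafe(open_db(), APOSTROPHE_ID)
        results["unsafe_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["unsafe_apostrophe"] = "syntax error"
    results["safe_apostrophe"] = remove_device_safe(open_db(), APOSTROPHE_ID)
    return results

if __name__ == "__main__":
    print(demo())
```

Each value in the result is the number of mappings left after the call: the unsafe form removes rows belonging to other devices, while the bound form leaves them untouched and also accepts ids containing an apostrophe.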
Created colord tracking bugs for this issue
Affects: fedora-all [bug 757173]
The CVE identifier of CVE-2011-4349 has been assigned to these issues:
I've just done an upstream release and am building new packages now.
Built for F15, F16 and rawhide and then submitted as updates as https://admin.fedoraproject.org/updates/colord-0.1.15-1.fc15 and https://admin.fedoraproject.org/updates/colord-0.1.15-1.fc16
(In reply to comment #4)
> I've just done an upstream release and am building new packages now.
Brilliant, thank you for that.
Jan iankko Lieskovsky / Red Hat Security Response Team
colord-0.1.15-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.