Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1289-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered.
Affected
colord on Ubuntu 11.10
Severity
Classification
-
CVE CVE-2011-4349 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities