Security update for caribou SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2414-1 Final 1 1 2021-07-20T13:26:23Z current 2021-07-20T13:26:23Z 2021-07-20T13:26:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for caribou This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2414,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2414,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2414 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212414-1/ Link for SUSE-SU-2021:2414-1 https://lists.suse.com/pipermail/sle-security-updates/2021-July/009161.html E-Mail link for SUSE-SU-2021:2414-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186617 SUSE Bug 1186617 https://bugzilla.suse.com/1187112 SUSE Bug 1187112 https://www.suse.com/security/cve/CVE-2021-3567/ SUSE CVE CVE-2021-3567 page SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-0.4.21-12.5.1 caribou-common-0.4.21-12.5.1 caribou-devel-0.4.21-12.5.1 caribou-gtk-module-common-0.4.21-12.5.1 caribou-gtk2-module-0.4.21-12.5.1 caribou-gtk3-module-0.4.21-12.5.1 caribou-lang-0.4.21-12.5.1 libcaribou0-0.4.21-12.5.1 typelib-1_0-Caribou-1_0-0.4.21-12.5.1 caribou-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-common-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-devel-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-gtk-module-common-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-gtk2-module-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-gtk3-module-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-lang-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 libcaribou0-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 typelib-1_0-Caribou-1_0-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 caribou-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-common-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-devel-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-gtk-module-common-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-gtk2-module-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-gtk3-module-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 caribou-lang-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 libcaribou0-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 typelib-1_0-Caribou-1_0-0.4.21-12.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. CVE-2021-3567 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-common-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-devel-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-gtk-module-common-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-gtk2-module-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-gtk3-module-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:caribou-lang-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libcaribou0-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:typelib-1_0-Caribou-1_0-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-common-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-devel-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-gtk-module-common-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-gtk2-module-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-gtk3-module-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:caribou-lang-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libcaribou0-0.4.21-12.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:typelib-1_0-Caribou-1_0-0.4.21-12.5.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212414-1/ https://www.suse.com/security/cve/CVE-2021-3567.html CVE-2021-3567 https://bugzilla.suse.com/1186617 SUSE Bug 1186617