SUSE-SU-2024:3526-1

Опубликовано: 04 окт. 2024

Источник: suse-cvrf

Описание

Security update for Mesa

This update for Mesa fixes the following issues:

CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041).
CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#CVE-2023-45922).

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-On-Demand

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-EC2-SAP-BYOS

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-EC2-SAP-On-Demand

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-GCE-SAP-BYOS

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-GCE-SAP-On-Demand

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

Mesa-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

SUSE Linux Enterprise Server 12 SP5

Mesa-18.3.2-14.9.1

Mesa-32bit-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-dri-32bit-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libEGL1-32bit-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libGL1-32bit-18.3.2-14.9.1

Mesa-libGLESv2-2-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

Mesa-libglapi0-32bit-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

libgbm1-32bit-18.3.2-14.9.1

libxatracker2-1.0.0-14.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Mesa-18.3.2-14.9.1

Mesa-32bit-18.3.2-14.9.1

Mesa-dri-18.3.2-14.9.1

Mesa-dri-32bit-18.3.2-14.9.1

Mesa-libEGL1-18.3.2-14.9.1

Mesa-libEGL1-32bit-18.3.2-14.9.1

Mesa-libGL1-18.3.2-14.9.1

Mesa-libGL1-32bit-18.3.2-14.9.1

Mesa-libGLESv2-2-18.3.2-14.9.1

Mesa-libglapi0-18.3.2-14.9.1

Mesa-libglapi0-32bit-18.3.2-14.9.1

libgbm1-18.3.2-14.9.1

libgbm1-32bit-18.3.2-14.9.1

libxatracker2-1.0.0-14.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5

Mesa-KHR-devel-18.3.2-14.9.1

Mesa-devel-18.3.2-14.9.1

Mesa-dri-devel-18.3.2-14.9.1

Mesa-libEGL-devel-18.3.2-14.9.1

Mesa-libGL-devel-18.3.2-14.9.1

Mesa-libGLESv1_CM-devel-18.3.2-14.9.1

Mesa-libGLESv1_CM1-18.3.2-14.9.1

Mesa-libGLESv2-devel-18.3.2-14.9.1

Mesa-libGLESv3-devel-18.3.2-14.9.1

Mesa-libVulkan-devel-18.3.2-14.9.1

Mesa-libd3d-devel-18.3.2-14.9.1

Mesa-libglapi-devel-18.3.2-14.9.1

libOSMesa-devel-18.3.2-14.9.1

libOSMesa8-18.3.2-14.9.1

libOSMesa8-32bit-18.3.2-14.9.1

libgbm-devel-18.3.2-14.9.1

libxatracker-devel-1.0.0-14.9.1

SUSE Linux Enterprise Workstation Extension 12 SP5

Mesa-libGLESv1_CM1-18.3.2-14.9.1

Mesa-libGLESv2-2-32bit-18.3.2-14.9.1

Mesa-libd3d-18.3.2-14.9.1

Mesa-libva-18.3.2-14.9.1

libXvMC_nouveau-18.3.2-14.9.1

libXvMC_r600-18.3.2-14.9.1

libvdpau_nouveau-18.3.2-14.9.1

libvdpau_r300-18.3.2-14.9.1

libvdpau_r600-18.3.2-14.9.1

libvdpau_radeonsi-18.3.2-14.9.1

libvulkan_intel-18.3.2-14.9.1

libvulkan_radeon-18.3.2-14.9.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243526-1/
Link for SUSE-SU-2024:3526-1
https://lists.suse.com/pipermail/sle-updates/2024-October/037148.html
E-Mail link for SUSE-SU-2024:3526-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1222040
SUSE Bug 1222040
https://bugzilla.suse.com/1222041
SUSE Bug 1222041
https://bugzilla.suse.com/1222042
SUSE Bug 1222042
https://www.suse.com/security/cve/CVE-2023-45913/
SUSE CVE CVE-2023-45913 page
https://www.suse.com/security/cve/CVE-2023-45919/
SUSE CVE CVE-2023-45919 page
https://www.suse.com/security/cve/CVE-2023-45922/
SUSE CVE CVE-2023-45922 page

Описание

** DISPUTED ** Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

Затронутые продукты

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-dri-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-libEGL1-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-libGL1-18.3.2-14.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45913.html
CVE-2023-45913
https://bugzilla.suse.com/1222040
SUSE Bug 1222040

Описание

** DISPUTED ** Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

Затронутые продукты

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-dri-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-libEGL1-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-libGL1-18.3.2-14.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45919.html
CVE-2023-45919
https://bugzilla.suse.com/1222041
SUSE Bug 1222041

Описание

** DISPUTED ** glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

Затронутые продукты

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-dri-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-libEGL1-18.3.2-14.9.1

Image SLES12-SP5-Azure-SAP-BYOS:Mesa-libGL1-18.3.2-14.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45922.html
CVE-2023-45922
https://bugzilla.suse.com/1222042
SUSE Bug 1222042

SUSE-SU-2024:3526-1

Описание

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

Ссылки

Уязвимость: CVE-2023-45913

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-45919

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-45922

Описание

Затронутые продукты

Ссылки