openSUSE-SU-2022:0479-1

Опубликовано: 17 фев. 2022

Источник: suse-cvrf

Описание

Security update for virglrenderer

This update for virglrenderer fixes the following issues:

CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389).

Список пакетов

openSUSE Leap 15.3

libvirglrenderer0-0.6.0-4.9.1

virglrenderer-devel-0.6.0-4.9.1

virglrenderer-test-server-0.6.0-4.9.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQXVEUIFIMFD6G5N2JBQ2A6XUYVZBCSY/
E-Mail link for openSUSE-SU-2022:0479-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195389
SUSE Bug 1195389
https://www.suse.com/security/cve/CVE-2022-0135/
SUSE CVE CVE-2022-0135 page

Описание

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Затронутые продукты

openSUSE Leap 15.3:libvirglrenderer0-0.6.0-4.9.1

openSUSE Leap 15.3:virglrenderer-devel-0.6.0-4.9.1

openSUSE Leap 15.3:virglrenderer-test-server-0.6.0-4.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0135.html
CVE-2022-0135
https://bugzilla.suse.com/1195389
SUSE Bug 1195389
https://bugzilla.suse.com/1196396
SUSE Bug 1196396

openSUSE-SU-2022:0479-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-0135

Описание

Затронутые продукты

Ссылки