Mesa-24.2.6-392.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14475-1 Final 1 1 2024-11-08T00:00:00Z current 2024-11-08T00:00:00Z 2024-11-08T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Mesa-24.2.6-392.1 on GA media These are all security issues fixed in the Mesa-24.2.6-392.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14475 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-45913/ SUSE CVE CVE-2023-45913 page https://www.suse.com/security/cve/CVE-2023-45919/ SUSE CVE CVE-2023-45919 page https://www.suse.com/security/cve/CVE-2023-45922/ SUSE CVE CVE-2023-45922 page openSUSE Tumbleweed Mesa-24.2.6-392.1 Mesa-32bit-24.2.6-392.1 Mesa-KHR-devel-24.2.6-392.1 Mesa-devel-24.2.6-392.1 Mesa-dri-devel-24.2.6-392.1 Mesa-libEGL-devel-24.2.6-392.1 Mesa-libEGL-devel-32bit-24.2.6-392.1 Mesa-libEGL1-24.2.6-392.1 Mesa-libEGL1-32bit-24.2.6-392.1 Mesa-libGL-devel-24.2.6-392.1 Mesa-libGL-devel-32bit-24.2.6-392.1 Mesa-libGL1-24.2.6-392.1 Mesa-libGL1-32bit-24.2.6-392.1 Mesa-libGLESv1_CM-devel-24.2.6-392.1 Mesa-libGLESv1_CM-devel-32bit-24.2.6-392.1 Mesa-libGLESv2-devel-24.2.6-392.1 Mesa-libGLESv2-devel-32bit-24.2.6-392.1 Mesa-libGLESv3-devel-24.2.6-392.1 Mesa-libglapi-devel-24.2.6-392.1 Mesa-libglapi-devel-32bit-24.2.6-392.1 Mesa-libglapi0-24.2.6-392.1 Mesa-libglapi0-32bit-24.2.6-392.1 libOSMesa-devel-24.2.6-392.1 libOSMesa-devel-32bit-24.2.6-392.1 libOSMesa8-24.2.6-392.1 libOSMesa8-32bit-24.2.6-392.1 libgbm-devel-24.2.6-392.1 libgbm-devel-32bit-24.2.6-392.1 libgbm1-24.2.6-392.1 libgbm1-32bit-24.2.6-392.1 Mesa-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-KHR-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-dri-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libEGL-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libEGL-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libEGL1-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libEGL1-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGL-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGL-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGL1-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGL1-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGLESv1_CM-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGLESv1_CM-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGLESv2-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGLESv2-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libGLESv3-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libglapi-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libglapi-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libglapi0-24.2.6-392.1 as a component of openSUSE Tumbleweed Mesa-libglapi0-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed libOSMesa-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed libOSMesa-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed libOSMesa8-24.2.6-392.1 as a component of openSUSE Tumbleweed libOSMesa8-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed libgbm-devel-24.2.6-392.1 as a component of openSUSE Tumbleweed libgbm-devel-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed libgbm1-24.2.6-392.1 as a component of openSUSE Tumbleweed libgbm1-32bit-24.2.6-392.1 as a component of openSUSE Tumbleweed ** DISPUTED ** Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. CVE-2023-45913 openSUSE Tumbleweed:Mesa-24.2.6-392.1 openSUSE Tumbleweed:Mesa-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-KHR-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-dri-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL1-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL1-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL1-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL1-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv1_CM-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv1_CM-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv2-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv2-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv3-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi0-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi0-32bit-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa-devel-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa8-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa8-32bit-24.2.6-392.1 openSUSE Tumbleweed:libgbm-devel-24.2.6-392.1 openSUSE Tumbleweed:libgbm-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:libgbm1-24.2.6-392.1 openSUSE Tumbleweed:libgbm1-32bit-24.2.6-392.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45913.html CVE-2023-45913 https://bugzilla.suse.com/1222040 SUSE Bug 1222040 ** DISPUTED ** Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. CVE-2023-45919 openSUSE Tumbleweed:Mesa-24.2.6-392.1 openSUSE Tumbleweed:Mesa-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-KHR-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-dri-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL1-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL1-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL1-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL1-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv1_CM-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv1_CM-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv2-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv2-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv3-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi0-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi0-32bit-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa-devel-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa8-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa8-32bit-24.2.6-392.1 openSUSE Tumbleweed:libgbm-devel-24.2.6-392.1 openSUSE Tumbleweed:libgbm-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:libgbm1-24.2.6-392.1 openSUSE Tumbleweed:libgbm1-32bit-24.2.6-392.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45919.html CVE-2023-45919 https://bugzilla.suse.com/1222041 SUSE Bug 1222041 ** DISPUTED ** glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. CVE-2023-45922 openSUSE Tumbleweed:Mesa-24.2.6-392.1 openSUSE Tumbleweed:Mesa-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-KHR-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-dri-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL1-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libEGL1-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL1-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGL1-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv1_CM-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv1_CM-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv2-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv2-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libGLESv3-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi-devel-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi0-24.2.6-392.1 openSUSE Tumbleweed:Mesa-libglapi0-32bit-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa-devel-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa8-24.2.6-392.1 openSUSE Tumbleweed:libOSMesa8-32bit-24.2.6-392.1 openSUSE Tumbleweed:libgbm-devel-24.2.6-392.1 openSUSE Tumbleweed:libgbm-devel-32bit-24.2.6-392.1 openSUSE Tumbleweed:libgbm1-24.2.6-392.1 openSUSE Tumbleweed:libgbm1-32bit-24.2.6-392.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45922.html CVE-2023-45922 https://bugzilla.suse.com/1222042 SUSE Bug 1222042