<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for dri3proto, presentproto, wayland-protocols, xwayland</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE-SU-2024:2776-1</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-08-06T12:33:59Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-08-06T12:33:59Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-08-06T12:33:59Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for dri3proto, presentproto, wayland-protocols, xwayland</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues:

Changes in presentproto:

* update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in wayland-protocols:

- Update to version 1.36:

  * xdg-dialog: fix missing namespace in protocol name

- Changes from version 1.35:

  * cursor-shape-v1: Does not advertise the list of supported cursors
  * xdg-shell: add missing enum attribute to set_constraint_adjustment
  * xdg-shell: recommend against drawing decorations when tiled
  * tablet-v2: mark as stable
  * staging: add alpha-modifier protocol

- Update to 1.36

  * Fix to the xdg dialog protocol
  * tablet-v2 protocol is now stable
  * alpha-modifier: new protocol
  * Bug fix to the cursor shape documentation
  * The xdg-shell protocol now also explicitly recommends against
    drawing decorations outside of the window geometry when tiled

- Update to 1.34:

  * xdg-dialog: new protocol
  * xdg-toplevel-drag: new protocol
  * Fix typo in ext-foreign-toplevel-list-v1
  * tablet-v2: clarify that name/id events are optional
  * linux-drm-syncobj-v1: new protocol
  * linux-explicit-synchronization-v1: add linux-drm-syncobj note

- Update to version 1.33:

  * xdg-shell: Clarify what a toplevel by default includes
  * linux-dmabuf: sync changes from unstable to stable
  * linux-dmabuf: require all planes to use the same modifier
  * presentation-time: stop referring to Linux/glibc
  * security-context-v1: Make sandbox engine names use reverse-DNS
  * xdg-decoration: remove ambiguous wording in configure event
  * xdg-decoration: fix configure event summary
  * linux-dmabuf: mark as stable
  * linux-dmabuf: add note about implicit sync
  * security-context-v1: Document what can be done with the open
    sockets
  * security-context-v1: Document out of band metadata for flatpak

Changes in dri3proto:

* update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in xwayland:


- Update to bugfix release 24.1.1 for the current stable 24.1
  branch of Xwayland

  * xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
  * os: Explicitly include X11/Xmd.h for CARD32 definition to fix
    building on i686
  * present: On *BSD, epoll-shim is needed to emulate eventfd()
  * xwayland: Stop on first unmapped child
  * xwayland/window-buffers: Promote xwl_window_buffer
  * xwayland/window-buffers: Add xwl_window_buffer_release()
  * xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
  * xwayland/window-buffers: Use synchronization from GLAMOR/GBM
  * xwayland/window-buffers: Do not always set syncpnts
  * xwayland/window-buffers: Move code to submit pixmaps
  * xwayland/window-buffers: Set syncpnts for all pixmaps
  * xwayland: Move xwl_window disposal to its own function
  * xwayland: Make sure we do not leak xwl_window on destroy
  * wayland/window-buffers: Move buffer disposal to its own function
  * xwayland/window-buffers: optionally force disposal
  * wayland: Force disposal of windows buffers for root on destroy
  * xwayland: Check for pointer in xwl_seat_leave_ptr()
  * xwayland: remove includedir from pkgconfig

- disable DPMS on sle15 due to missing proto package

- Update to feature release 24.1.0
  * This fixes a couple of regressions introduced in the previous release
    candidate versions along with a fix for XTEST emulation with EI.
    + xwayland: Send ei_device_frame on device_scroll_discrete
    + xwayland: Restore the ResizeWindow handler
    + xwayland: Handle rootful resize in ResizeWindow
    + xwayland: Move XRandR emulation to the ResizeWindow hook
    + xwayland: Use correct xwl_window lookup function in xwl_set_shape
- eglstreams has been dropped

- Update to bug fix release 23.2.7
  * m4: drop autoconf leftovers
  * xwayland: Send ei_device_frame on device_scroll_discrete
  * xwayland: Call drmFreeDevice for dma-buf default feedback
  * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
  * dri3: Free formats in cache_formats_and_modifiers
  * xwayland/glamor: Handle depth 15 in gbm_format_for_depth
  * Revert 'xwayland/glamor: Avoid implicit redirection with depth 32 parent windows'
  * xwayland: Check for outputs before lease devices
  * xwayland: Do not remove output on withdraw if leased

- Update to 23.2.6
  * This is a quick bug fix release to address a regression
    introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.

- Security update 23.2.5 

  This release contains the 3 security fixes that actually apply to
  Xwayland reported in the security advisory of April 3rd 2024

  * CVE-2024-31080
  * CVE-2024-31081
  * CVE-2024-31083

  Additionally, it also contains a couple of other fixes, a copy/paste
  error in the DeviceStateNotify event and a fix to enable buttons with
  pointer gestures for backward compatibility with legacy X11 clients.

- Don't provide xorg-x11-server-source
  * xwayland sources are not meant for a generic server.
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">SUSE-2024-2776,SUSE-SLE-Module-Development-Tools-15-SP5-2024-2776,SUSE-SLE-Module-Development-Tools-15-SP6-2024-2776,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2776,SUSE-SLE-Product-WE-15-SP6-2024-2776,openSUSE-SLE-15.5-2024-2776,openSUSE-SLE-15.6-2024-2776</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20242776-1/</URL>
      <Description>Link for SUSE-SU-2024:2776-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://lists.suse.com/pipermail/sle-security-updates/2024-August/019222.html</URL>
      <Description>E-Mail link for SUSE-SU-2024:2776-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1219892</URL>
      <Description>SUSE Bug 1219892</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222309</URL>
      <Description>SUSE Bug 1222309</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222310</URL>
      <Description>SUSE Bug 1222310</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222312</URL>
      <Description>SUSE Bug 1222312</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222442</URL>
      <Description>SUSE Bug 1222442</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-31080/</URL>
      <Description>SUSE CVE CVE-2024-31080 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-31081/</URL>
      <Description>SUSE CVE CVE-2024-31081 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-31083/</URL>
      <Description>SUSE CVE CVE-2024-31083 page</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Development Tools 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Development Tools 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Development Tools 15 SP5" CPE="cpe:/o:suse:sle-module-development-tools:15:sp5">SUSE Linux Enterprise Module for Development Tools 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Development Tools 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Development Tools 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Development Tools 15 SP6" CPE="cpe:/o:suse:sle-module-development-tools:15:sp6">SUSE Linux Enterprise Module for Development Tools 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Package Hub 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Package Hub 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP6" CPE="cpe:/o:suse:packagehub:15:sp6">SUSE Linux Enterprise Module for Package Hub 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Workstation Extension 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Workstation Extension 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Workstation Extension 15 SP6" CPE="cpe:/o:suse:sle-we:15:sp6">SUSE Linux Enterprise Workstation Extension 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.5">
      <Branch Type="Product Name" Name="openSUSE Leap 15.5">
        <FullProductName ProductID="openSUSE Leap 15.5" CPE="cpe:/o:opensuse:leap:15.5">openSUSE Leap 15.5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.6">
      <Branch Type="Product Name" Name="openSUSE Leap 15.6">
        <FullProductName ProductID="openSUSE Leap 15.6" CPE="cpe:/o:opensuse:leap:15.6">openSUSE Leap 15.6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="dri3proto-devel-1.2-150100.6.3.1">
      <FullProductName ProductID="dri3proto-devel-1.2-150100.6.3.1">dri3proto-devel-1.2-150100.6.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="presentproto-devel-1.3-150600.3.3.1">
      <FullProductName ProductID="presentproto-devel-1.3-150600.3.3.1">presentproto-devel-1.3-150600.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wayland-protocols-devel-1.36-150600.4.3.1">
      <FullProductName ProductID="wayland-protocols-devel-1.36-150600.4.3.1">wayland-protocols-devel-1.36-150600.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xwayland-24.1.1-150600.5.3.1">
      <FullProductName ProductID="xwayland-24.1.1-150600.5.3.1">xwayland-24.1.1-150600.5.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xwayland-devel-24.1.1-150600.5.3.1">
      <FullProductName ProductID="xwayland-devel-24.1.1-150600.5.3.1">xwayland-devel-24.1.1-150600.5.3.1</FullProductName>
    </Branch>
    <Relationship ProductReference="dri3proto-devel-1.2-150100.6.3.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Development Tools 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Development Tools 15 SP5:dri3proto-devel-1.2-150100.6.3.1">dri3proto-devel-1.2-150100.6.3.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="dri3proto-devel-1.2-150100.6.3.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Development Tools 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Development Tools 15 SP6:dri3proto-devel-1.2-150100.6.3.1">dri3proto-devel-1.2-150100.6.3.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="presentproto-devel-1.3-150600.3.3.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Development Tools 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Development Tools 15 SP6:presentproto-devel-1.3-150600.3.3.1">presentproto-devel-1.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="wayland-protocols-devel-1.36-150600.4.3.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP6:wayland-protocols-devel-1.36-150600.4.3.1">wayland-protocols-devel-1.36-150600.4.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="xwayland-24.1.1-150600.5.3.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Workstation Extension 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Workstation Extension 15 SP6:xwayland-24.1.1-150600.5.3.1">xwayland-24.1.1-150600.5.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="dri3proto-devel-1.2-150100.6.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
      <FullProductName ProductID="openSUSE Leap 15.5:dri3proto-devel-1.2-150100.6.3.1">dri3proto-devel-1.2-150100.6.3.1 as a component of openSUSE Leap 15.5</FullProductName>
    </Relationship>
    <Relationship ProductReference="dri3proto-devel-1.2-150100.6.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:dri3proto-devel-1.2-150100.6.3.1">dri3proto-devel-1.2-150100.6.3.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="presentproto-devel-1.3-150600.3.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:presentproto-devel-1.3-150600.3.3.1">presentproto-devel-1.3-150600.3.3.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="wayland-protocols-devel-1.36-150600.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:wayland-protocols-devel-1.36-150600.4.3.1">wayland-protocols-devel-1.36-150600.4.3.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="xwayland-24.1.1-150600.5.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:xwayland-24.1.1-150600.5.3.1">xwayland-24.1.1-150600.5.3.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="xwayland-devel-24.1.1-150600.5.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:xwayland-devel-24.1.1-150600.5.3.1">xwayland-devel-24.1.1-150600.5.3.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.</Note>
    </Notes>
    <CVE>CVE-2024-31080</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP5:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP6:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP6:presentproto-devel-1.3-150600.3.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP6:wayland-protocols-devel-1.36-150600.4.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Workstation Extension 15 SP6:xwayland-24.1.1-150600.5.3.1</ProductID>
        <ProductID>openSUSE Leap 15.5:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:presentproto-devel-1.3-150600.3.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:wayland-protocols-devel-1.36-150600.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:xwayland-24.1.1-150600.5.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:xwayland-devel-24.1.1-150600.5.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20242776-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-31080.html</URL>
        <Description>CVE-2024-31080</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222309</URL>
        <Description>SUSE Bug 1222309</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222312</URL>
        <Description>SUSE Bug 1222312</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.</Note>
    </Notes>
    <CVE>CVE-2024-31081</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP5:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP6:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP6:presentproto-devel-1.3-150600.3.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP6:wayland-protocols-devel-1.36-150600.4.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Workstation Extension 15 SP6:xwayland-24.1.1-150600.5.3.1</ProductID>
        <ProductID>openSUSE Leap 15.5:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:presentproto-devel-1.3-150600.3.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:wayland-protocols-devel-1.36-150600.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:xwayland-24.1.1-150600.5.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:xwayland-devel-24.1.1-150600.5.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20242776-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-31081.html</URL>
        <Description>CVE-2024-31081</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222310</URL>
        <Description>SUSE Bug 1222310</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222312</URL>
        <Description>SUSE Bug 1222312</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.</Note>
    </Notes>
    <CVE>CVE-2024-31083</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP5:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP6:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Development Tools 15 SP6:presentproto-devel-1.3-150600.3.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP6:wayland-protocols-devel-1.36-150600.4.3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Workstation Extension 15 SP6:xwayland-24.1.1-150600.5.3.1</ProductID>
        <ProductID>openSUSE Leap 15.5:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:dri3proto-devel-1.2-150100.6.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:presentproto-devel-1.3-150600.3.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:wayland-protocols-devel-1.36-150600.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:xwayland-24.1.1-150600.5.3.1</ProductID>
        <ProductID>openSUSE Leap 15.6:xwayland-devel-24.1.1-150600.5.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20242776-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-31083.html</URL>
        <Description>CVE-2024-31083</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222312</URL>
        <Description>SUSE Bug 1222312</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
