Security update for libva SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1453-1 Final 1 1 2025-05-05T07:44:16Z current 2025-05-05T07:44:16Z 2025-05-05T07:44:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libva This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: - Limit the array size to avoid out of range - Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: - Add trace for vaExportSurfaceHandle - Unlock mutex before return - Fix minor issue about printf data type and value range * va/backend: - Annotate vafool as deprecated - Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: - Add new VADecodeErrorType to indicate the reset happended in the driver - Add vendor string on va_TraceInitialize - Added Q416 fourcc (three-plane 16-bit YUV 4:4:4) - Drop no longer applicable vaGetDriverNames check - Fix:don't leak driver names, when override is set - Fix:set driver number to be zero if vaGetDriverNames failed - Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) - Remove legacy code paths - Remove unreachable 'DRIVER BUG' * x11/dri2: limit the array handling to avoid out of range access * x11: - Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var - Implement vaGetDriverNames - Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: - Add libva.def into distribution package - NULL check before calling strncmp. - Remove reference to non-existent symbol * meson: docs: - Add encoder interface for av1 - Use libva_version over project_version() * va: - Add VAProfileH264High10 - Always build with va-messaging API - Fix the codying style of CHECK_DISPLAY - Remove Android pre Jelly Bean workarounds - Remove dummy isValid() hook - Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h - va/sysdeps.h: remove Android section * x11: - Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var - Use LIBVA_DRI3_DISABLE in GetNumCandidates - Add libva-wayland to baselibs.conf, now that its build have moved to the main part of spec, source validator should no longer complain on SLE. Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Update security disclaimer * dep:remove the file .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to '' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1453,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1453,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1453,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1453,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1453 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251453-1/ Link for SUSE-SU-2025:1453-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039140.html E-Mail link for SUSE-SU-2025:1453-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202828 SUSE Bug 1202828 https://bugzilla.suse.com/1217770 SUSE Bug 1217770 https://bugzilla.suse.com/1224413 SUSE Bug 1224413 https://www.suse.com/security/cve/CVE-2023-39929/ SUSE CVE CVE-2023-39929 page SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5 libva-devel-2.20.0-150500.3.5.1 libva-devel-32bit-2.20.0-150500.3.5.1 libva-devel-64bit-2.20.0-150500.3.5.1 libva-drm2-2.20.0-150500.3.5.1 libva-drm2-32bit-2.20.0-150500.3.5.1 libva-drm2-64bit-2.20.0-150500.3.5.1 libva-gl-devel-2.20.0-150500.3.5.1 libva-gl-devel-32bit-2.20.0-150500.3.5.1 libva-gl-devel-64bit-2.20.0-150500.3.5.1 libva-glx2-2.20.0-150500.3.5.1 libva-glx2-32bit-2.20.0-150500.3.5.1 libva-glx2-64bit-2.20.0-150500.3.5.1 libva-wayland2-2.20.0-150500.3.5.1 libva-wayland2-32bit-2.20.0-150500.3.5.1 libva-wayland2-64bit-2.20.0-150500.3.5.1 libva-x11-2-2.20.0-150500.3.5.1 libva-x11-2-32bit-2.20.0-150500.3.5.1 libva-x11-2-64bit-2.20.0-150500.3.5.1 libva2-2.20.0-150500.3.5.1 libva2-32bit-2.20.0-150500.3.5.1 libva2-64bit-2.20.0-150500.3.5.1 libva-devel-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libva-drm2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libva-wayland2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libva-x11-2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libva2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libva-devel-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libva-drm2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libva-wayland2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libva-x11-2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libva2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libva-devel-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libva-drm2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libva-wayland2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libva-x11-2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libva2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libva-devel-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libva-drm2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libva-wayland2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libva-x11-2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libva2-2.20.0-150500.3.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-39929 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libva-devel-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libva-drm2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libva-wayland2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libva-x11-2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libva2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libva-devel-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libva-drm2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libva-wayland2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libva-x11-2-2.20.0-150500.3.5.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libva2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libva-devel-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libva-drm2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libva-wayland2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libva-x11-2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libva2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libva-devel-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libva-drm2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libva-wayland2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libva-x11-2-2.20.0-150500.3.5.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libva2-2.20.0-150500.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251453-1/ https://www.suse.com/security/cve/CVE-2023-39929.html CVE-2023-39929 https://bugzilla.suse.com/1224413 SUSE Bug 1224413