Security update for wayland SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:1864-1 Final 1 1 2023-04-17T08:57:19Z current 2023-04-17T08:57:19Z 2023-04-17T08:57:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wayland This update for wayland fixes the following issues: - CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-1864,SUSE-SLE-SDK-12-SP5-2023-1864,SUSE-SLE-SERVER-12-SP5-2023-1864 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20231864-1/ Link for SUSE-SU-2023:1864-1 https://lists.suse.com/pipermail/sle-security-updates/2024-February/018016.html E-Mail link for SUSE-SU-2023:1864-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1190486 SUSE Bug 1190486 https://www.suse.com/security/cve/CVE-2021-3782/ SUSE CVE CVE-2021-3782 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libwayland-client0-1.13.0-3.3.1 libwayland-client0-32bit-1.13.0-3.3.1 libwayland-client0-64bit-1.13.0-3.3.1 libwayland-cursor0-1.13.0-3.3.1 libwayland-cursor0-32bit-1.13.0-3.3.1 libwayland-cursor0-64bit-1.13.0-3.3.1 libwayland-server0-1.13.0-3.3.1 libwayland-server0-32bit-1.13.0-3.3.1 libwayland-server0-64bit-1.13.0-3.3.1 wayland-devel-1.13.0-3.3.1 wayland-devel-32bit-1.13.0-3.3.1 wayland-devel-64bit-1.13.0-3.3.1 libwayland-client0-1.13.0-3.3.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwayland-client0-1.13.0-3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwayland-client0-1.13.0-3.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libwayland-cursor0-1.13.0-3.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libwayland-server0-1.13.0-3.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 wayland-devel-1.13.0-3.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. CVE-2021-3782 SUSE Linux Enterprise Server 12 SP5:libwayland-client0-1.13.0-3.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwayland-client0-1.13.0-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libwayland-client0-1.13.0-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libwayland-cursor0-1.13.0-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libwayland-server0-1.13.0-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:wayland-devel-1.13.0-3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20231864-1/ https://www.suse.com/security/cve/CVE-2021-3782.html CVE-2021-3782 https://bugzilla.suse.com/1190486 SUSE Bug 1190486