{"affected":[{"ecosystem_specific":{"binaries":[{"libva-devel":"2.20.0-150400.3.5.1","libva-drm2":"2.20.0-150400.3.5.1","libva-wayland2":"2.20.0-150400.3.5.1","libva-x11-2":"2.20.0-150400.3.5.1","libva2":"2.20.0-150400.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"libva","purl":"pkg:rpm/suse/libva&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.20.0-150400.3.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libva-devel":"2.20.0-150400.3.5.1","libva-drm2":"2.20.0-150400.3.5.1","libva-wayland2":"2.20.0-150400.3.5.1","libva-x11-2":"2.20.0-150400.3.5.1","libva2":"2.20.0-150400.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"libva","purl":"pkg:rpm/suse/libva&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.20.0-150400.3.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libva-devel":"2.20.0-150400.3.5.1","libva-drm2":"2.20.0-150400.3.5.1","libva-wayland2":"2.20.0-150400.3.5.1","libva-x11-2":"2.20.0-150400.3.5.1","libva2":"2.20.0-150400.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"libva","purl":"pkg:rpm/suse/libva&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.20.0-150400.3.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libva-devel":"2.20.0-150400.3.5.1","libva-drm2":"2.20.0-150400.3.5.1","libva-wayland2":"2.20.0-150400.3.5.1","libva-x11-2":"2.20.0-150400.3.5.1","libva2":"2.20.0-150400.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"libva","purl":"pkg:rpm/suse/libva&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.20.0-150400.3.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libva fixes the following issues:\n\nUpdate to libva version 2.20.0, which includes security fix for:\n\n- CVE-2023-39929: Uncontrolled search path may allow an authenticated\n  user to escalate privilege via local access (bsc#1224413, jsc#PED-11066)\n\nThis includes latest version of one of the components needed for\nVideo (processing) hardware support on Intel GPUs (bsc#1217770)\n\nUpdate to version 2.20.0:\n\n  * av1: Revise offsets comments for av1 encode\n  * drm:\n    - Limit the array size to avoid out of range\n    - Remove no longer used helpers\n  * jpeg: add support for crop and partial decode\n  * trace:\n    - Add trace for vaExportSurfaceHandle\n    - Unlock mutex before return\n    - Fix minor issue about printf data type and value range\n  * va/backend:\n    - Annotate vafool as deprecated\n    - Document the vaGetDriver* APIs\n  * va/x11/va_fglrx: Remove some dead code\n  * va/x11/va_nvctrl: Remove some dead code\n  * va:\n    - Add new VADecodeErrorType to indicate the reset happended in\n      the driver\n    - Add vendor string on va_TraceInitialize\n    - Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)\n    - Drop no longer applicable vaGetDriverNames check\n    - Fix:don't leak driver names, when override is set\n    - Fix:set driver number to be zero if vaGetDriverNames failed\n    - Optimize code of getting driver name for all protocols/os\n      (wayland,x11,drm,win32,android)\n    - Remove legacy code paths\n    - Remove unreachable 'DRIVER BUG'\n  * win32:\n    - Only print win32 driver messages in DEBUG builds\n    - Remove duplicate adapter_luid entry\n  * x11/dri2: limit the array handling to avoid out of range access\n  * x11:\n    - Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var\n    - Implement vaGetDriverNames\n    - Remove legacy code paths\n\nUpdate to 2.19.0:\n\n  * add: Add mono_chrome to VAEncSequenceParameterBufferAV1\n  * add: Enable support for license acquisition of multiple protected\n    playbacks\n  * fix: use secure_getenv instead of getenv\n  * trace: Improve and add VA trace log for AV1 encode\n  * trace: Unify va log message, replace va_TracePrint with va_TraceMsg.\n\nUpdate to version 2.18.0:\n\n  * doc: Add build and install libva informatio in home page.\n  * fix:\n    - Add libva.def into distribution package\n    - NULL check before calling strncmp.\n    - Remove reference to non-existent symbol\n  * meson: docs:\n    - Add encoder interface for av1\n    - Use libva_version over project_version()\n  * va:\n    - Add VAProfileH264High10\n    - Always build with va-messaging API\n    - Fix the codying style of CHECK_DISPLAY\n    - Remove Android pre Jelly Bean workarounds\n    - Remove dummy isValid() hook\n    - Remove unused drm_sarea.h include & ANDROID references in\n      va_dricommon.h\n    - va/sysdeps.h: remove Android section\n  * x11:\n    - Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var\n    - Use LIBVA_DRI3_DISABLE in GetNumCandidates\n\nupdate to 2.17.0:\n\n  * win: Simplify signature for driver name loading\n  * win: Rewrite driver registry query and fix some\n    bugs/leaks/inefficiencies\n  * win: Add missing null check after calloc\n  * va: Update security disclaimer\n  * dep:remove the file .cvsignore\n  * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx\n  * meson: add 'with-legacy' for emgd, nvctrl and fglrx\n  * x11: move all FGLRX code to va_fglrx.c\n  * x11: move all NVCTRL code to va_nvctrl.c\n  * meson: stop using deprecated meson.source_root()\n  * meson: stop using configure_file copy=true\n  * va: correctly include the win32 (local) headers\n  * win: clean-up the coding style\n  * va: dos2unix all the files\n  * drm: remove unnecessary dri2 version/extension query\n  * trace: annotate internal functions with DLL_HIDDEN\n  * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_\n    support level attribute instead\n  * meson: Check support for -Wl,-version-script and build link_args\n    accordingly\n  * meson: Set va_win32 soversion to '' and remove the install_data rename\n  * fix: resouce check null\n  * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes\n  * va_trace: va_TraceSurfaceAttributes should check the\n    VASurfaceAttribMemoryType\n  * va: Adds Win32 Node and Windows build support\n  * va: Adds compat_win32 abstraction for Windows build and prepares va\n    common code for windows build\n  * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled\n  * meson: Add with_win32 option, makes libdrm non-mandatory on Win\n  * x11: add basic DRI3 support\n  * drm: remove VA_DRM_IsRenderNodeFd() helper\n  * drm: add radeon drm + radeonsi mesa combo\n\n- needed for jira#PED-1174 (Video decoding/encoding support \n  (VA-API, ...) for Intel GPUs is outside of Mesa)\n\nUpdate to 2.16.0:\n\n  * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.\n  * dep: Update README.md to remove badge links\n  * dep: Removed waffle-io badge from README to fix broken link\n  * dep: Drop mailing list, IRC and Slack\n  * autotools: use wayland-scanner private-code\n  * autotools: use the wayland-scanner.pc to locate the prog\n  * meson: use wayland-scanner private-code\n  * meson: request native wayland-scanner\n  * meson: use the wayland-scanner.pc to locate the prog\n  * meson: set HAVE_VA_X11 when applicable\n  * style:Correct slight coding style in several new commits\n  * trace: add Linux ftrace mode for va trace\n  * trace: Add missing pthread_mutex_destroy\n  * drm: remove no-longer needed X == X mappings\n  * drm: fallback to drm driver name == va driver name\n  * drm: simplify the mapping table\n  * x11: simplify the mapping table\n\nUpdate to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4\n\nUpdate to 2.15.0:\n\n  * Add: new display HW attribute to report PCI ID\n  * Add: sample depth related parameters for AV1e\n  * Add: refresh_frame_flags for AV1e\n  * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.\n  * Add: nvidia-drm to the drm driver map\n  * Add: type and buffer for delta qp per block\n  * Deprecation: remove the va_fool support\n  * Fix:Correct the version of meson build on master branch\n  * Fix:X11 DRI2: check if device is a render node\n  * Build:Use also strong stack protection if supported\n  * Trace:print the string for profile/entrypoint/configattrib\n\nUpdate to 2.14.0:\n\n  * add: Add av1 encode interfaces\n  * add: VA/X11 VAAPI driver mapping for crocus DRI driver\n  * doc: Add description of the fd management for surface importing\n  * ci: fix freebsd build\n  * meson: Copy public headers to build directory to support subproject\n\n- CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413) \n","id":"SUSE-SU-2025:1452-1","modified":"2025-05-05T07:43:59Z","published":"2025-05-05T07:43:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251452-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202828"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217770"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224413"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39929"}],"related":["CVE-2023-39929"],"summary":"Security update for libva","upstream":["CVE-2023-39929"]}