Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
100
security advisorymoderatelocal accessSUSE: 2025:1477-1 moderate: escalation issue with libva detected
* bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 . # Security update for libva Announcement ID: SUSE-SU-2025:1477-1 Release Date: 2025-05-06T09:17:19Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 * jsc#PM-1623 * jsc#SLE-12712 * jsc#SLE-19361 * jsc#SLE-8838 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability, contains six features and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * uncontrolled search path may allow an authenticated user to escalate privilege via local access (CVE-2023-39929, bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string on va_TraceInitialize * Added Q416 fourcc (three-plane16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * win32: * Only print win32 driver messages in DEBUG builds * Remove duplicate adapter_luid entry * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Update security disclaimer * dep:remove the file .cvsignore *pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo Needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) update to 2.16.0: * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e. * dep: Update README.md to remove badge links * dep: Removed waffle-io badge from README to fix broken link * dep: Drop mailing list, IRC and Slack * autotools: use wayland-scanner private-code * autotools: use the wayland-scanner.pc to locate the prog * meson: use wayland-scanner private-code * meson: request native wayland-scanner * meson: use the wayland-scanner.pc to locate the prog * meson: set HAVE_VA_X11 when applicable *style:Correct slight coding style in several new commits * trace: add Linux ftrace mode for va trace * trace: Add missing pthread_mutex_destroy * drm: remove no-longer needed X == X mappings * drm: fallback to drm driver name == va driver name * drm: simplify the mapping table * x11: simplify the mapping table Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4 Update to 2.15.0: * Add: new display HW attribute to report PCI ID * Add: sample depth related parameters for AV1e * Add: refresh_frame_flags for AV1e * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC. * Add: nvidia-drm to the drm driver map * Add: type and buffer for delta qp per block * Deprecation: remove the va_fool support * Fix:Correct the version of meson build on master branch * Fix:X11 DRI2: check if device is a render node * Build:Use also strong stack protection if supported * Trace:print the string for profile/entrypoint/configattrib Update to 2.14.0: * add: Add av1 encode interfaces * add: VA/X11 VAAPI driver mapping for crocus DRI driver * doc: Add description of the fd management for surface importing * ci: fix freebsd build * meson: Copy public headers to build directory to support subproject Update to 2.13.0: * add new surface format fourcc XYUV * Fix av1 dec doc page link issue * unify the code styles using the style_unify script * Check the function pointer before using (fixes github issue#536) * update NEWS for 2.13.0 update to 2.12.0: * add: Report the capability of vaCopy support * add: Report the capability of sub device * add: Add config attributes to advertise HEVC/H.265 encoder features * add: Video processing HVS Denoise: Added 4 modes * add: Introduce VASurfaceAttribDRMFormatModifiers * add: Add 3DLUT Filter in Video Processing. * doc: Update log2_tile_column description for vp9enc * trace: Correct av1 film grain trace information * ci: Fix freebsd build by switching tovmactions/freebsd-vm@v0.1.3 update to 2.11.0: * add: LibVA Protected Content API * add: Add a configuration attribute to advertise AV1d LST feature * fix: wayland: don't try to authenticate with render nodes * autotools: use shell grouping instead of sed to prepend a line * trace: Add details data dump for mpeg2 IQ matrix. * doc: update docs for VASurfaceAttribPixelFormat * doc: Libva documentation edit for AV1 reference frames * doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment * doc: Remove tile_rows and tile_cols restriction to match AV1 spec * doc: Format code for doxygen output * doc: AV1 decode documentation edit for superres_scale_denominator * ci: upgrade FreeBSD to 12.2 * ci: disable travis build * ci: update cache before attempting to install packages * ci: avoid running workloads on other workloads changes * ci: enable github actions update to 2.10.0: * add: Pass offset and size of pred_weight_table * add: add vaCopy interface to copy surface and buffer * add: add definition for different execution * add: New parameters for transport controlled BRC were added * add: add FreeBSD support * add: add a bufer type to adjust context priority dynamically * fix: correct the api version in meson.build * fix: remove deprecated variable from va_trace.c * fix: Use va_deprecated for the deprecate variable * fix: Mark chroma_sample_position as deprecated * doc: va_dec_av1: clarifies CDEF syntax element packing * doc: [AV1] Update documented ranges for loop filter and quantization params. * doc: Update va.h for multi-threaded usages * trace: va/va_trace: ignore system gettid() on Linux Update to 2.9.1: * fix version mismatch between meson and autotools Update to 2.9.0: * trace: Refine the va_TraceVAPictureParameterBufferAV1. * doc: Add comments for backward/forward reference to avoid confusion * doc: Modify comments in av1 decoder interfaces * doc: Update mailing list * Add SCC fields trace for HEVC SCC encoding. * AddFOURCC code for Y212 and Y412 format. * Add interpolation method for scaling. * add attributes for context priority setting * Add vaSyncBuffer for output buffers synchronization * Add vaSyncSurface2 with timeout Update to 2.8.0: * trace: enable return value trace for successful function call * trace: divide va_TraceEndPicture to two seperate function * trace: add support for VAProfileHEVCSccMain444_10 * fix:Fixes file descriptor leak * add fourcc code for P012 format * travis: Add a test that code files don't have the exec bit set * Remove the execute bit from all source code files * meson: Allow for libdir and includedir to be absolute paths * trace: Fix format string warnings * fix:Fix clang warning (reading garbage) * add definition to enforce both reflist not empty * trace: List correct field names in va_TraceVAPictureParameterBufferHEVC * change the return value to be UNIMPLEMENTED when the function pointer is NULL * remove check of vaPutSurface implementation * Add new slice structure flag for CAPS reporting * VA/X11: VAAPI driver mapping for iris DRI driver * VA/X11: enable driver candidate selection for DRI2 * Add SCC flags to enable/disable features * fix: Fix HDR10 MaxCLL and MaxFALL documentation * Add VAProfileHEVCSccMain444_10 for HEVC * change the compatible list to be dynamic one * trace:Convert VAProfileAV1Profile0 VAProfileAV1Profile1 to string Update to version 2.7.0: * trace: av1 decode buffers trace * trace: Add HEVC REXT and SCC trace for decoding. * Add av1 decode interfaces * Fix crashes on system without supported hardware by PR #369. * Add 2 FourCC for 10bit RGB(without Alpha) format: X2R10G10B10 and X2B10G10R10. * Fix android build issue #365 and remove some trailing whitespace * Adjust call sequence to ensure authenticate operation is executed to fix #355 Update to version 2.6.1: * adjust call sequence to ensure authenticate operation is executed this patch is not needed for media-driver, butneeded for i965 driver which check authentication. Update to version 2.6.0: * enable the mutiple driver selection logic and enable it for DRM. * drm: Add iHD to driver_name_map * Add missed slice parameter 'slice_data_num_emu_prevn_bytes' * ensure that all meson files are part of the release tarball * configure: use correct comparison operator * trace: support VAConfigAttribMultipleFrame in trace * remove incorrect field of VAConfigAttribValDecJPEG * va/va_trace: Dump VP9 parameters for profile 1~3 * add multiple frame capability report * add variable to indicate layer infromation * trace: fix memory leak on closing the trace * add prediction direction caps report * Add comments for colour primaries and transfer characteristics in VAProcColorProperties This release is needed for latest intel-media-driver update (jsc#SLE-8838) Update to version 2.5.0: * Correct the comment of color_range. * Add VA_FOURCC_A2B10G10R10 for format a2b10g10r10. * Adjust VAEncMiscParameterQuantization structure to be align with VAEncMiscParameterBuffer(possible to impact BC) * Add attribute for max frame size * Add va_footer.html into distribution build * va_trace: hevc profiles added * Add new definition for input/output surface flag * va/va_trace: add trace support for VAEncMiscParameterTypeSkipFrame structure. * va/va_trace: add MPEG2 trace support for MiscParam and SequenceParam * va_openDriver: check strdup return value * Mark some duplicated field as deprecated * Add return value into logs * va/va_trace: add trace support for VAEncMiscParameterEncQuality structure. * Add newformat foucc defination * va_backend: remove unneeded linux/videodev2.h include * va_trace: add missing include * configure: don't build glx if VA/X11 isn't built * va/va_trace: unbreak with C89 after b369467 * [common] Add A2RGB10 fourcc definition * build: meson: enables va messaging and visibility * va/va_trace: add trace support for RIR(rolling intra refresh). *va/va_trace: add trace support for ROI(region of interest) Update to version 2.4.1: * [common] Add A2RGB10 fourcc definition. * build: meson: enables va messaging and visibility. * va/va_trace: * Add trace support for RIR(rolling intra refresh). * Add trace support for ROI(region of interest). Update to version 2.4.0: * va_TraceSurface support for VA_FOURCC_P010 * Add pointer to struct wl_interface for driver to use * (integrate) va: fix new line symbol in error message * av: avoid driver path truncation * Fix compilation warning (uninit and wrong variable types) for Android O MR1 * Allow import of the DRM PRIME 2 memory type * android: ignore unimportant compile warnnings * compile: fix sign/unsign compare in va_trace.c * android: replace utils/Log.h with log/log.h * High Dynamic Range Tone Mapping: Add a new filter for input metadata and some comments * Remove restrictions on vaSetDriverName() ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1477=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1477=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libva-x11-2-debuginfo-2.20.0-3.3.4 * libva-drm2-debuginfo-2.20.0-3.3.4 * libva2-2.20.0-3.3.4 * libva-devel-2.20.0-3.3.4 * libva-drm2-2.20.0-3.3.4 * libva2-debuginfo-2.20.0-3.3.4 * libva-x11-2-2.20.0-3.3.4 * libva-debugsource-2.20.0-3.3.4 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libva-x11-2-debuginfo-2.20.0-3.3.4 * libva-drm2-debuginfo-2.20.0-3.3.4 * libva2-2.20.0-3.3.4 * libva-devel-2.20.0-3.3.4 * libva-drm2-2.20.0-3.3.4 *libva2-debuginfo-2.20.0-3.3.4 * libva-x11-2-2.20.0-3.3.4 * libva-debugsource-2.20.0-3.3.4 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-1174&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPM-1623&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-12712&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-19361&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-8838&page_caps=&user_role= . SUSE has released an update tackling significant vulnerabilities in libva, providing essential security improvements and optimizations specifically designed for Intel graphics processors.. SUSE Security Updates, libva Vulnerability, Linux Security Patches. . LinuxSecurity.com Team
May 07, 2025
SuSE
100
security advisorymoderateupdateSUSE: 2025:1451-1 moderate fix for libva escalation risk issue
* bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 . # Security update for libva Announcement ID: SUSE-SU-2025:1451-1 Release Date: 2025-05-05T07:43:42Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 * jsc#SLE-19361 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability, contains three features and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * uncontrolled search path may allow an authenticated user to escalate privilege via local access (CVE-2023-39929, bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string on va_TraceInitialize * Added Q416 fourcc(three-plane 16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * win32: * Only print win32 driver messages in DEBUG builds * Remove duplicate adapter_luid entry * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Update security disclaimer * dep:remove the file.cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo Needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) Update to 2.16.0: * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e. * dep: Update README.md to remove badge links * dep: Removed waffle-io badge from README to fix broken link * dep: Drop mailing list, IRC and Slack * autotools: use wayland-scanner private-code * autotools: use the wayland-scanner.pc to locate the prog * meson: use wayland-scanner private-code * meson: request native wayland-scanner * meson: use the wayland-scanner.pc to locate the prog * meson: set HAVE_VA_X11 when applicable * style:Correct slight coding style in several new commits * trace: add Linux ftrace mode for va trace * trace: Add missing pthread_mutex_destroy * drm: remove no-longer needed X == X mappings * drm: fallback to drm driver name == va driver name * drm: simplify the mapping table * x11: simplify the mapping table Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4 Update to 2.15.0: * Add: new display HW attribute to report PCI ID * Add: sample depth related parameters for AV1e * Add: refresh_frame_flags for AV1e * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC. * Add: nvidia-drm to the drm driver map * Add: type and buffer for delta qp per block * Deprecation: remove the va_fool support * Fix:Correct the version of meson build on master branch * Fix:X11 DRI2: check if device is a render node * Build:Use also strong stack protection if supported * Trace:print the string for profile/entrypoint/configattrib Update to 2.14.0: * add: Add av1 encode interfaces * add: VA/X11 VAAPI driver mapping for crocus DRI driver * doc: Add description of the fd management for surface importing * ci: fix freebsd build * meson: Copy public headers to build directory to support subproject Update to 2.13.0 * add new surface format fourcc XYUV * Fix av1 dec doc page link issue * unify the code styles using the style_unify script * Check the function pointer before using (fixes github issue#536) * update NEWS for 2.13.0 Update to 2.12.0: * add: Report the capability of vaCopy support * add: Report the capability of sub device * add: Add config attributes to advertise HEVC/H.265 encoder features * add: Video processing HVS Denoise: Added 4 modes * add: Introduce VASurfaceAttribDRMFormatModifiers * add: Add 3DLUT Filter in Video Processing. * doc: Update log2_tile_column description for vp9enc * trace: Correct av1 film grain trace information * ci: Fix freebsd build by switching tovmactions/freebsd-vm@v0.1.3 Update to 2.11.0: * add: LibVA Protected Content API * add: Add a configuration attribute to advertise AV1d LST feature * fix: wayland: don't try to authenticate with render nodes * autotools: use shell grouping instead of sed to prepend a line * trace: Add details data dump for mpeg2 IQ matrix. * doc: update docs for VASurfaceAttribPixelFormat * doc: Libva documentation edit for AV1 reference frames * doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment * doc: Remove tile_rows and tile_cols restriction to match AV1 spec * doc: Format code for doxygen output * doc: AV1 decode documentation edit for superres_scale_denominator * ci: upgrade FreeBSD to 12.2 * ci: disable travis build * ci: update cache before attempting to install packages * ci: avoid running workloads on other workloads changes * ci: enable github actions * CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1451=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1451=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1451=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1451=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1451=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 *libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-glx2-2.20.0-150300.3.3.1 * libva-gl-debugsource-2.20.0-150300.3.3.1 * libva-gl-devel-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-glx2-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * openSUSE Leap 15.3 (x86_64) * libva-drm2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-32bit-2.20.0-150300.3.3.1 * libva-wayland2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-drm2-32bit-2.20.0-150300.3.3.1 * libva-glx2-32bit-2.20.0-150300.3.3.1 * libva-x11-2-32bit-2.20.0-150300.3.3.1 * libva2-32bit-2.20.0-150300.3.3.1 * libva-x11-2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-glx2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-gl-devel-32bit-2.20.0-150300.3.3.1 * libva2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-devel-32bit-2.20.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libva-drm2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-drm2-64bit-2.20.0-150300.3.3.1 * libva-gl-devel-64bit-2.20.0-150300.3.3.1 * libva-x11-2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-64bit-2.20.0-150300.3.3.1 * libva-glx2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva2-64bit-2.20.0-150300.3.3.1 * libva-glx2-64bit-2.20.0-150300.3.3.1 * libva-x11-2-64bit-2.20.0-150300.3.3.1 * libva2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-devel-64bit-2.20.0-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-1174&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-19361&page_caps=&user_role= . Tackling privilege amplification in the latest libva update for SUSE clientele. Key security protocols and updates highlighted.. SUSE Linux, libva update, security patch, privilege escalation, Linux updates. . LinuxSecurity.com Team
May 05, 2025
SuSE
202
security advisorymoderatepatchopenSUSE 15.3: 2025:1451-1 moderate: libva privilege escalation
An update that solves one vulnerability, contains three features and has two security fixes can now be installed.. # Security update for libva Announcement ID: SUSE-SU-2025:1451-1 Release Date: 2025-05-05T07:43:42Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 * jsc#SLE-19361 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability, contains three features and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * uncontrolled search path may allow an authenticated user to escalate privilege via local access (CVE-2023-39929, bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string onva_TraceInitialize * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * win32: * Only print win32 driver messages in DEBUG builds * Remove duplicate adapter_luid entry * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Updatesecurity disclaimer * dep:remove the file .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo Needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) Update to 2.16.0: * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e. * dep: Update README.md to remove badge links * dep: Removed waffle-io badge from README to fix broken link * dep: Drop mailing list, IRC and Slack * autotools: use wayland-scanner private-code * autotools: use the wayland-scanner.pc to locate the prog * meson: use wayland-scanner private-code * meson: request native wayland-scanner * meson: use the wayland-scanner.pc to locate the prog * meson: set HAVE_VA_X11 when applicable * style:Correct slight coding style in several new commits * trace: add Linux ftrace mode for va trace * trace: Add missing pthread_mutex_destroy * drm: remove no-longer needed X == X mappings * drm: fallback to drm driver name == va driver name * drm: simplify the mapping table * x11: simplify the mapping table Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4 Update to 2.15.0: * Add: new display HW attribute to report PCI ID * Add: sample depth related parameters for AV1e * Add: refresh_frame_flags for AV1e * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC. * Add: nvidia-drm to the drm driver map * Add: type and buffer for delta qp per block * Deprecation: remove the va_fool support * Fix:Correct the version of meson build on master branch * Fix:X11 DRI2: check if device is a render node * Build:Use also strong stack protection if supported * Trace:print the string for profile/entrypoint/configattrib Update to 2.14.0: * add: Add av1 encode interfaces * add: VA/X11 VAAPI driver mapping for crocus DRI driver * doc: Add description of the fd management for surface importing * ci: fix freebsd build * meson: Copy public headers to build directory to support subproject Update to 2.13.0 * add new surface format fourcc XYUV * Fix av1 dec doc page link issue * unify the code styles using the style_unify script * Check the function pointer before using (fixes github issue#536) * update NEWS for 2.13.0 Update to 2.12.0: * add: Report the capability of vaCopy support * add: Report the capability of sub device * add: Add config attributes to advertise HEVC/H.265 encoder features * add: Video processing HVS Denoise: Added 4 modes * add: Introduce VASurfaceAttribDRMFormatModifiers * add: Add 3DLUT Filter in Video Processing. * doc: Update log2_tile_column description for vp9enc * trace: Correct av1 film grain trace information * ci: Fix freebsd build byswitching to vmactions/freebsd-vm@v0.1.3 Update to 2.11.0: * add: LibVA Protected Content API * add: Add a configuration attribute to advertise AV1d LST feature * fix: wayland: don't try to authenticate with render nodes * autotools: use shell grouping instead of sed to prepend a line * trace: Add details data dump for mpeg2 IQ matrix. * doc: update docs for VASurfaceAttribPixelFormat * doc: Libva documentation edit for AV1 reference frames * doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment * doc: Remove tile_rows and tile_cols restriction to match AV1 spec * doc: Format code for doxygen output * doc: AV1 decode documentation edit for superres_scale_denominator * ci: upgrade FreeBSD to 12.2 * ci: disable travis build * ci: update cache before attempting to install packages * ci: avoid running workloads on other workloads changes * ci: enable github actions * CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1451=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1451=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1451=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1451=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1451=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 *libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-glx2-2.20.0-150300.3.3.1 * libva-gl-debugsource-2.20.0-150300.3.3.1 * libva-gl-devel-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-glx2-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * openSUSE Leap 15.3 (x86_64) * libva-drm2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-32bit-2.20.0-150300.3.3.1 * libva-wayland2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-drm2-32bit-2.20.0-150300.3.3.1 * libva-glx2-32bit-2.20.0-150300.3.3.1 * libva-x11-2-32bit-2.20.0-150300.3.3.1 * libva2-32bit-2.20.0-150300.3.3.1 * libva-x11-2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-glx2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-gl-devel-32bit-2.20.0-150300.3.3.1 * libva2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-devel-32bit-2.20.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libva-drm2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-drm2-64bit-2.20.0-150300.3.3.1 * libva-gl-devel-64bit-2.20.0-150300.3.3.1 * libva-x11-2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-64bit-2.20.0-150300.3.3.1 * libva-glx2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva2-64bit-2.20.0-150300.3.3.1 * libva-glx2-64bit-2.20.0-150300.3.3.1 * libva-x11-2-64bit-2.20.0-150300.3.3.1 * libva2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-devel-64bit-2.20.0-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-1174&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-19361&page_caps=&user_role= . The latest openSUSE update mitigates the moderate threat posed by the libva privilege escalation vulnerability, accompanied by various system improvements and feature additions.. libva security, openSUSE update, SUSE patch, security advisory, escalation fix. . LinuxSecurity.com Team
May 05, 2025
OpenSUSE
202
security advisoryprivilege escalationmoderate severityopenSUSE: 2025:1452-1 moderate: libva privilege escalation fix
An update that solves one vulnerability, contains two features and has two security fixes can now be installed.. # Security update for libva Announcement ID: SUSE-SU-2025:1452-1 Release Date: 2025-05-05T07:44:00Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability, contains two features and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * CVE-2023-39929: Uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor stringon va_TraceInitialize * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * win32: * Only print win32 driver messages in DEBUG builds * Remove duplicate adapter_luid entry * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Updatesecurity disclaimer * dep:remove the file .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo * needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) Update to 2.16.0: * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e. * dep: Update README.md to remove badge links * dep: Removed waffle-io badge from README to fix broken link * dep: Drop mailing list, IRC and Slack * autotools: use wayland-scanner private-code * autotools: use the wayland-scanner.pc to locate the prog * meson: use wayland-scanner private-code * meson: request native wayland-scanner * meson: use the wayland-scanner.pc to locatethe prog * meson: set HAVE_VA_X11 when applicable * style:Correct slight coding style in several new commits * trace: add Linux ftrace mode for va trace * trace: Add missing pthread_mutex_destroy * drm: remove no-longer needed X == X mappings * drm: fallback to drm driver name == va driver name * drm: simplify the mapping table * x11: simplify the mapping table Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4 Update to 2.15.0: * Add: new display HW attribute to report PCI ID * Add: sample depth related parameters for AV1e * Add: refresh_frame_flags for AV1e * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC. * Add: nvidia-drm to the drm driver map * Add: type and buffer for delta qp per block * Deprecation: remove the va_fool support * Fix:Correct the version of meson build on master branch * Fix:X11 DRI2: check if device is a render node * Build:Use also strong stack protection if supported * Trace:print the string for profile/entrypoint/configattrib Update to 2.14.0: * add: Add av1 encode interfaces * add: VA/X11 VAAPI driver mapping for crocus DRI driver * doc: Add description of the fd management for surface importing * ci: fix freebsd build * meson: Copy public headers to build directory to support subproject * CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1452=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1452=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1452=1 *SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1452=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1452=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-gl-devel-2.20.0-150400.3.5.1 * libva-glx2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-gl-debugsource-2.20.0-150400.3.5.1 * libva-glx2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * openSUSE Leap 15.4 (x86_64) * libva-glx2-32bit-2.20.0-150400.3.5.1 * libva-drm2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-devel-32bit-2.20.0-150400.3.5.1 * libva-x11-2-32bit-2.20.0-150400.3.5.1 * libva2-32bit-2.20.0-150400.3.5.1 * libva-x11-2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-glx2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-gl-devel-32bit-2.20.0-150400.3.5.1 * libva2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-32bit-2.20.0-150400.3.5.1 * libva-drm2-32bit-2.20.0-150400.3.5.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libva-glx2-64bit-2.20.0-150400.3.5.1 * libva-drm2-64bit-2.20.0-150400.3.5.1 * libva-glx2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva-gl-devel-64bit-2.20.0-150400.3.5.1 * libva-drm2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-64bit-2.20.0-150400.3.5.1 * libva-x11-2-64bit-2.20.0-150400.3.5.1 * libva-devel-64bit-2.20.0-150400.3.5.1 * libva2-64bit-2.20.0-150400.3.5.1 *libva-x11-2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-64bit-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 *libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-1174&page_caps=&user_role= . Tackling a vulnerability related to privilege escalation found in libva on openSUSE, recognized with a moderate severity level in the recent patch.. libva security update, openSUSE patch, privilege escalation issue, moderate security advisory. . LinuxSecurity.com Team
May 05, 2025
OpenSUSE
100
security advisorymoderatesoftware updateSUSE: 2025:1452-1 moderate: libva privilege escalation fix
* bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 . # Security update for libva Announcement ID: SUSE-SU-2025:1452-1 Release Date: 2025-05-05T07:44:00Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability, contains two features and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * CVE-2023-39929: Uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string on va_TraceInitialize * Added Q416fourcc (three-plane 16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * win32: * Only print win32 driver messages in DEBUG builds * Remove duplicate adapter_luid entry * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Update security disclaimer * dep:remove thefile .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo * needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) Update to 2.16.0: * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e. * dep: Update README.md to remove badge links * dep: Removed waffle-io badge from README to fix broken link * dep: Drop mailing list, IRC and Slack * autotools: use wayland-scanner private-code * autotools: use the wayland-scanner.pc to locate the prog * meson: use wayland-scanner private-code * meson: request native wayland-scanner * meson: use the wayland-scanner.pc to locate the prog * meson: set HAVE_VA_X11 whenapplicable * style:Correct slight coding style in several new commits * trace: add Linux ftrace mode for va trace * trace: Add missing pthread_mutex_destroy * drm: remove no-longer needed X == X mappings * drm: fallback to drm driver name == va driver name * drm: simplify the mapping table * x11: simplify the mapping table Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4 Update to 2.15.0: * Add: new display HW attribute to report PCI ID * Add: sample depth related parameters for AV1e * Add: refresh_frame_flags for AV1e * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC. * Add: nvidia-drm to the drm driver map * Add: type and buffer for delta qp per block * Deprecation: remove the va_fool support * Fix:Correct the version of meson build on master branch * Fix:X11 DRI2: check if device is a render node * Build:Use also strong stack protection if supported * Trace:print the string for profile/entrypoint/configattrib Update to 2.14.0: * add: Add av1 encode interfaces * add: VA/X11 VAAPI driver mapping for crocus DRI driver * doc: Add description of the fd management for surface importing * ci: fix freebsd build * meson: Copy public headers to build directory to support subproject * CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1452=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1452=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1452=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1452=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1452=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-gl-devel-2.20.0-150400.3.5.1 * libva-glx2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-gl-debugsource-2.20.0-150400.3.5.1 * libva-glx2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * openSUSE Leap 15.4 (x86_64) * libva-glx2-32bit-2.20.0-150400.3.5.1 * libva-drm2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-devel-32bit-2.20.0-150400.3.5.1 * libva-x11-2-32bit-2.20.0-150400.3.5.1 * libva2-32bit-2.20.0-150400.3.5.1 * libva-x11-2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-glx2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-gl-devel-32bit-2.20.0-150400.3.5.1 * libva2-32bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-32bit-2.20.0-150400.3.5.1 * libva-drm2-32bit-2.20.0-150400.3.5.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libva-glx2-64bit-2.20.0-150400.3.5.1 * libva-drm2-64bit-2.20.0-150400.3.5.1 * libva-glx2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva-gl-devel-64bit-2.20.0-150400.3.5.1 * libva-drm2-64bit-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-64bit-2.20.0-150400.3.5.1 * libva-x11-2-64bit-2.20.0-150400.3.5.1 * libva-devel-64bit-2.20.0-150400.3.5.1 * libva2-64bit-2.20.0-150400.3.5.1 * libva-x11-2-64bit-debuginfo-2.20.0-150400.3.5.1 *libva-wayland2-64bit-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 * libva2-debuginfo-2.20.0-150400.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libva-drm2-debuginfo-2.20.0-150400.3.5.1 * libva-devel-2.20.0-150400.3.5.1 * libva-x11-2-2.20.0-150400.3.5.1 * libva2-2.20.0-150400.3.5.1 * libva-x11-2-debuginfo-2.20.0-150400.3.5.1 * libva-wayland2-2.20.0-150400.3.5.1 * libva-debugsource-2.20.0-150400.3.5.1 * libva-wayland2-debuginfo-2.20.0-150400.3.5.1 * libva-drm2-2.20.0-150400.3.5.1 *libva2-debuginfo-2.20.0-150400.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-1174&page_caps=&user_role= . SUSE has issued a notice regarding a minor severity enhancement for libva which mitigates an issue related to local privilege escalation vulnerabilities.. libva security update, SUSE Linux advisory, privilege escalation, openSUSE patch, software security fixes. . LinuxSecurity.com Team
May 05, 2025
SuSE
100
security advisoryprivilege escalationmoderate severitySUSE: 2025:1453-1 moderate: libva privilege escalation fix
* bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 . # Security update for libva Announcement ID: SUSE-SU-2025:1453-1 Release Date: 2025-05-05T07:44:16Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string on va_TraceInitialize * Added Q416 fourcc (three-plane 16-bitYUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates * Add libva-wayland to baselibs.conf, now that its build have moved to the main part of spec, source validator should no longer complain on SLE. Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Update securitydisclaimer * dep:remove the file .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-1453=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1453=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1453=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in-t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1453=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1453=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva-gl-debugsource-2.20.0-150500.3.5.1 * libva-glx2-debuginfo-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-gl-devel-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * openSUSE Leap 15.5 (x86_64) * libva-x11-2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva2-32bit-2.20.0-150500.3.5.1 * libva-wayland2-32bit-2.20.0-150500.3.5.1 * libva-devel-32bit-2.20.0-150500.3.5.1 * libva-drm2-32bit-2.20.0-150500.3.5.1 * libva-glx2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-32bit-2.20.0-150500.3.5.1 * libva-gl-devel-32bit-2.20.0-150500.3.5.1 * libva-drm2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-x11-2-32bit-2.20.0-150500.3.5.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libva2-64bit-2.20.0-150500.3.5.1 * libva-wayland2-64bit-2.20.0-150500.3.5.1 * libva-wayland2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-64bit-2.20.0-150500.3.5.1 * libva-devel-64bit-2.20.0-150500.3.5.1 * libva2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-64bit-2.20.0-150500.3.5.1 * libva-x11-2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-x11-2-64bit-2.20.0-150500.3.5.1 * libva-gl-devel-64bit-2.20.0-150500.3.5.1 *libva-glx2-64bit-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 *libva-drm2-debuginfo-2.20.0-150500.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= . The recent security patch from SUSE tackles a privilege escalation vulnerability in libva affecting various distributions. Update promptly!. libva update, SUSE advisory, privilege escalation fix, openSUSE updates. . LinuxSecurity.com Team
May 05, 2025
SuSE
202
security advisorymoderateprivilege escalationopenSUSE Leap 15.5: 2025:1453-1 moderate: libva privilege escalation
An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.. # Security update for libva Announcement ID: SUSE-SU-2025:1453-1 Release Date: 2025-05-05T07:44:16Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability, contains one feature and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string onva_TraceInitialize * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates * Add libva-wayland to baselibs.conf, now that its build have moved to the main part of spec, source validator should no longer complain on SLE. Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Addmissing null check after calloc * va: Update security disclaimer * dep:remove the file .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to ' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-1453=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1453=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1453=1 *SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1453=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1453=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva-gl-debugsource-2.20.0-150500.3.5.1 * libva-glx2-debuginfo-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-gl-devel-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * openSUSE Leap 15.5 (x86_64) * libva-x11-2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva2-32bit-2.20.0-150500.3.5.1 * libva-wayland2-32bit-2.20.0-150500.3.5.1 * libva-devel-32bit-2.20.0-150500.3.5.1 * libva-drm2-32bit-2.20.0-150500.3.5.1 * libva-glx2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-32bit-2.20.0-150500.3.5.1 * libva-gl-devel-32bit-2.20.0-150500.3.5.1 * libva-drm2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-x11-2-32bit-2.20.0-150500.3.5.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libva2-64bit-2.20.0-150500.3.5.1 * libva-wayland2-64bit-2.20.0-150500.3.5.1 * libva-wayland2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-64bit-2.20.0-150500.3.5.1 * libva-devel-64bit-2.20.0-150500.3.5.1 * libva2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-64bit-2.20.0-150500.3.5.1 * libva-x11-2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-x11-2-64bit-2.20.0-150500.3.5.1 *libva-gl-devel-64bit-2.20.0-150500.3.5.1 * libva-glx2-64bit-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 *libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11066&page_caps=&user_role= . An update for Fedora resolves a critical vulnerability in libpng that could result in unauthorized access.. openSUSE Security Update, libva CVE-2023-39929, privilege escalation fix, moderate severity issue. . LinuxSecurity.com Team
May 05, 2025
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!