Red Hat alert RHSA-2023:2786-01 (wayland)
From: "Security announcements for all Red Hat products and services." <rhsa-announce@redhat.com>
To: rhsa-announce@redhat.com
Subject: [RHSA-2023:2786-01] Moderate: wayland security, bug fix, and enhancement update
Date: Tue, 16 May 2023 11:53:52 -0000
Message-ID: <mailman.532.1684238033.1505522.rhsa-announce@redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: wayland security, bug fix, and enhancement update
Advisory ID:       RHSA-2023:2786-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2786
Issue date:        2023-05-16
CVE Names:         CVE-2021-3782
=====================================================================

1. Summary:

An update for wayland is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Wayland is a protocol for a compositor to talk to its clients, as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.

The following packages have been upgraded to a later upstream version: wayland (1.21.0). (BZ#2137625)

Security Fix(es):

* wayland: libwayland-server wl_shm reference-count overflow (CVE-2021-3782)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2002627 - CVE-2021-3782 wayland: libwayland-server wl_shm reference-count overflow
2137625 - Rebase wayland to 1.21 in el8

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
wayland-1.21.0-1.el8.src.rpm

aarch64:
libwayland-client-1.21.0-1.el8.aarch64.rpm
libwayland-client-debuginfo-1.21.0-1.el8.aarch64.rpm
libwayland-cursor-1.21.0-1.el8.aarch64.rpm
libwayland-cursor-debuginfo-1.21.0-1.el8.aarch64.rpm
libwayland-egl-1.21.0-1.el8.aarch64.rpm
libwayland-egl-debuginfo-1.21.0-1.el8.aarch64.rpm
libwayland-server-1.21.0-1.el8.aarch64.rpm
libwayland-server-debuginfo-1.21.0-1.el8.aarch64.rpm
wayland-debuginfo-1.21.0-1.el8.aarch64.rpm
wayland-debugsource-1.21.0-1.el8.aarch64.rpm
wayland-devel-1.21.0-1.el8.aarch64.rpm
wayland-devel-debuginfo-1.21.0-1.el8.aarch64.rpm

ppc64le:
libwayland-client-1.21.0-1.el8.ppc64le.rpm
libwayland-client-debuginfo-1.21.0-1.el8.ppc64le.rpm
libwayland-cursor-1.21.0-1.el8.ppc64le.rpm
libwayland-cursor-debuginfo-1.21.0-1.el8.ppc64le.rpm
libwayland-egl-1.21.0-1.el8.ppc64le.rpm
libwayland-egl-debuginfo-1.21.0-1.el8.ppc64le.rpm
libwayland-server-1.21.0-1.el8.ppc64le.rpm
libwayland-server-debuginfo-1.21.0-1.el8.ppc64le.rpm
wayland-debuginfo-1.21.0-1.el8.ppc64le.rpm
wayland-debugsource-1.21.0-1.el8.ppc64le.rpm
wayland-devel-1.21.0-1.el8.ppc64le.rpm
wayland-devel-debuginfo-1.21.0-1.el8.ppc64le.rpm

s390x:
libwayland-client-1.21.0-1.el8.s390x.rpm
libwayland-client-debuginfo-1.21.0-1.el8.s390x.rpm
libwayland-cursor-1.21.0-1.el8.s390x.rpm
libwayland-cursor-debuginfo-1.21.0-1.el8.s390x.rpm
libwayland-egl-1.21.0-1.el8.s390x.rpm
libwayland-egl-debuginfo-1.21.0-1.el8.s390x.rpm
libwayland-server-1.21.0-1.el8.s390x.rpm
libwayland-server-debuginfo-1.21.0-1.el8.s390x.rpm
wayland-debuginfo-1.21.0-1.el8.s390x.rpm
wayland-debugsource-1.21.0-1.el8.s390x.rpm
wayland-devel-1.21.0-1.el8.s390x.rpm
wayland-devel-debuginfo-1.21.0-1.el8.s390x.rpm

x86_64:
libwayland-client-1.21.0-1.el8.i686.rpm
libwayland-client-1.21.0-1.el8.x86_64.rpm
libwayland-client-debuginfo-1.21.0-1.el8.i686.rpm
libwayland-client-debuginfo-1.21.0-1.el8.x86_64.rpm
libwayland-cursor-1.21.0-1.el8.i686.rpm
libwayland-cursor-1.21.0-1.el8.x86_64.rpm
libwayland-cursor-debuginfo-1.21.0-1.el8.i686.rpm
libwayland-cursor-debuginfo-1.21.0-1.el8.x86_64.rpm
libwayland-egl-1.21.0-1.el8.i686.rpm
libwayland-egl-1.21.0-1.el8.x86_64.rpm
libwayland-egl-debuginfo-1.21.0-1.el8.i686.rpm
libwayland-egl-debuginfo-1.21.0-1.el8.x86_64.rpm
libwayland-server-1.21.0-1.el8.i686.rpm
libwayland-server-1.21.0-1.el8.x86_64.rpm
libwayland-server-debuginfo-1.21.0-1.el8.i686.rpm
libwayland-server-debuginfo-1.21.0-1.el8.x86_64.rpm
wayland-debuginfo-1.21.0-1.el8.i686.rpm
wayland-debuginfo-1.21.0-1.el8.x86_64.rpm
wayland-debugsource-1.21.0-1.el8.i686.rpm
wayland-debugsource-1.21.0-1.el8.x86_64.rpm
wayland-devel-1.21.0-1.el8.i686.rpm
wayland-devel-1.21.0-1.el8.x86_64.rpm
wayland-devel-debuginfo-1.21.0-1.el8.i686.rpm
wayland-devel-debuginfo-1.21.0-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3782
https://access.redhat.com/security/updates/classification...
https://access.redhat.com/documentation/en-us/red_hat_ent...

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.