ID de Prueba:	1.3.6.1.4.1.25623.1.0.856363
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:2776-1)
Resumen:	The remote host is missing an update for the 'dri3proto, presentproto, wayland-protocols, xwayland' package(s) announced via the SUSE-SU-2024:2776-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dri3proto, presentproto, wayland-protocols, xwayland' package(s) announced via the SUSE-SU-2024:2776-1 advisory. Vulnerability Insight: This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues: Changes in presentproto: * update to version 1.4 (patch generated from xorgproto-2024.1 sources) Changes in wayland-protocols: - Update to version 1.36: * xdg-dialog: fix missing namespace in protocol name - Changes from version 1.35: * cursor-shape-v1: Does not advertises the list of supported cursors * xdg-shell: add missing enum attribute to set_constraint_adjustment * xdg-shell: recommend against drawing decorations when tiled * tablet-v2: mark as stable * staging: add alpha-modifier protocol - Update to 1.36 * Fix to the xdg dialog protocol * tablet-v2 protocol is now stable * alpha-modifier: new protocol * Bug fix to the cursor shape documentation * The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled - Update to 1.34: * xdg-dialog: new protocol * xdg-toplevel-drag: new protocol * Fix typo in ext-foreign-toplevel-list-v1 * tablet-v2: clarify that name/id events are optional * linux-drm-syncobj-v1: new protocol * linux-explicit-synchronization-v1: add linux-drm-syncobj note - Update to version 1.33: * xdg-shell: Clarify what a toplevel by default includes * linux-dmabuf: sync changes from unstable to stable * linux-dmabuf: require all planes to use the same modifier * presentation-time: stop referring to Linux/glibc * security-context-v1: Make sandbox engine names use reverse-DNS * xdg-decoration: remove ambiguous wording in configure event * xdg-decoration: fix configure event summary * linux-dmabuf: mark as stable * linux-dmabuf: add note about implicit sync * security-context-v1: Document what can be done with the open sockets * security-context-v1: Document out of band metadata for flatpak Changes in dri3proto: * update to version 1.4 (patch generated from xorgproto-2024.1 sources) Changes in xwayland: - Update to bugfix release 24.1.1 for the current stable 24.1 branch of Xwayland * xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev` * os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on i686 * present: On *BSD, epoll-shim is needed to emulate eventfd() * xwayland: Stop on first unmapped child * xwayland/window-buffers: Promote xwl_window_buffer * xwayland/window-buffers: Add xwl_window_buffer_release() * xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM * xwayland/window-buffers: Use synchronization from GLAMOR/GBM * xwayland/window-buffers: Do not always set syncpnts * xwayland/window-buffers: Move code to submit pixmaps * xwayland/window-buffers: Set syncpnts for all pixmaps * xwayland: Move xwl_window disposal to its own function * xwayland: Make sure we do not leak xwl_window on destroy * wayland/window-buffers: Move buffer disposal to its own function * xwayland/window-buffers: ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'dri3proto, presentproto, wayland-protocols, xwayland' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-31080 RHBZ#2271997 https://bugzilla.redhat.com/show_bug.cgi?id=2271997 RHSA-2024:1785 https://access.redhat.com/errata/RHSA-2024:1785 RHSA-2024:2036 https://access.redhat.com/errata/RHSA-2024:2036 RHSA-2024:2037 https://access.redhat.com/errata/RHSA-2024:2037 RHSA-2024:2038 https://access.redhat.com/errata/RHSA-2024:2038 RHSA-2024:2039 https://access.redhat.com/errata/RHSA-2024:2039 RHSA-2024:2040 https://access.redhat.com/errata/RHSA-2024:2040 RHSA-2024:2041 https://access.redhat.com/errata/RHSA-2024:2041 RHSA-2024:2042 https://access.redhat.com/errata/RHSA-2024:2042 RHSA-2024:2080 https://access.redhat.com/errata/RHSA-2024:2080 RHSA-2024:2616 https://access.redhat.com/errata/RHSA-2024:2616 RHSA-2024:3258 https://access.redhat.com/errata/RHSA-2024:3258 RHSA-2024:3261 https://access.redhat.com/errata/RHSA-2024:3261 RHSA-2024:3343 https://access.redhat.com/errata/RHSA-2024:3343 http://www.openwall.com/lists/oss-security/2024/04/03/13 http://www.openwall.com/lists/oss-security/2024/04/12/10 https://access.redhat.com/security/cve/CVE-2024-31080 https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/ Common Vulnerability Exposure (CVE) ID: CVE-2024-31081 RHBZ#2271998 https://bugzilla.redhat.com/show_bug.cgi?id=2271998 https://access.redhat.com/security/cve/CVE-2024-31081 Common Vulnerability Exposure (CVE) ID: CVE-2024-31083 RHBZ#2272000 https://bugzilla.redhat.com/show_bug.cgi?id=2272000 https://access.redhat.com/security/cve/CVE-2024-31083
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.