# Security update for libva Announcement ID: SUSE-SU-2025:1451-1 Release Date: 2025-05-05T07:43:42Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 * jsc#SLE-19361 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability, contains three features and has two security fixes can now be installed. ## Description: This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: * uncontrolled search path may allow an authenticated user to escalate privilege via local access (CVE-2023-39929, bsc#1224413, jsc#PED-11066) This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770) Update to version 2.20.0: * av1: Revise offsets comments for av1 encode * drm: * Limit the array size to avoid out of range * Remove no longer used helpers * jpeg: add support for crop and partial decode * trace: * Add trace for vaExportSurfaceHandle * Unlock mutex before return * Fix minor issue about printf data type and value range * va/backend: * Annotate vafool as deprecated * Document the vaGetDriver* APIs * va/x11/va_fglrx: Remove some dead code * va/x11/va_nvctrl: Remove some dead code * va: * Add new VADecodeErrorType to indicate the reset happended in the driver * Add vendor string on va_TraceInitialize * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4) * Drop no longer applicable vaGetDriverNames check * Fix:don't leak driver names, when override is set * Fix:set driver number to be zero if vaGetDriverNames failed * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android) * Remove legacy code paths * Remove unreachable "DRIVER BUG" * win32: * Only print win32 driver messages in DEBUG builds * Remove duplicate adapter_luid entry * x11/dri2: limit the array handling to avoid out of range access * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var * Implement vaGetDriverNames * Remove legacy code paths Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. Update to version 2.18.0: * doc: Add build and install libva informatio in home page. * fix: * Add libva.def into distribution package * NULL check before calling strncmp. * Remove reference to non-existent symbol * meson: docs: * Add encoder interface for av1 * Use libva_version over project_version() * va: * Add VAProfileH264High10 * Always build with va-messaging API * Fix the codying style of CHECK_DISPLAY * Remove Android pre Jelly Bean workarounds * Remove dummy isValid() hook * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h * va/sysdeps.h: remove Android section * x11: * Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var * Use LIBVA_DRI3_DISABLE in GetNumCandidates Update to 2.17.0: * win: Simplify signature for driver name loading * win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies * win: Add missing null check after calloc * va: Update security disclaimer * dep:remove the file .cvsignore * pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx * meson: add 'with-legacy' for emgd, nvctrl and fglrx * x11: move all FGLRX code to va_fglrx.c * x11: move all NVCTRL code to va_nvctrl.c * meson: stop using deprecated meson.source_root() * meson: stop using configure_file copy=true * va: correctly include the win32 (local) headers * win: clean-up the coding style * va: dos2unix all the files * drm: remove unnecessary dri2 version/extension query * trace: annotate internal functions with DLL_HIDDEN * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead * meson: Check support for -Wl,-version-script and build link_args accordingly * meson: Set va_win32 soversion to '' and remove the install_data rename * fix: resouce check null * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes * va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType * va: Adds Win32 Node and Windows build support * va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled * meson: Add with_win32 option, makes libdrm non-mandatory on Win * x11: add basic DRI3 support * drm: remove VA_DRM_IsRenderNodeFd() helper * drm: add radeon drm + radeonsi mesa combo Needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) Update to 2.16.0: * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e. * dep: Update README.md to remove badge links * dep: Removed waffle-io badge from README to fix broken link * dep: Drop mailing list, IRC and Slack * autotools: use wayland-scanner private-code * autotools: use the wayland-scanner.pc to locate the prog * meson: use wayland-scanner private-code * meson: request native wayland-scanner * meson: use the wayland-scanner.pc to locate the prog * meson: set HAVE_VA_X11 when applicable * style:Correct slight coding style in several new commits * trace: add Linux ftrace mode for va trace * trace: Add missing pthread_mutex_destroy * drm: remove no-longer needed X == X mappings * drm: fallback to drm driver name == va driver name * drm: simplify the mapping table * x11: simplify the mapping table Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4 Update to 2.15.0: * Add: new display HW attribute to report PCI ID * Add: sample depth related parameters for AV1e * Add: refresh_frame_flags for AV1e * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC. * Add: nvidia-drm to the drm driver map * Add: type and buffer for delta qp per block * Deprecation: remove the va_fool support * Fix:Correct the version of meson build on master branch * Fix:X11 DRI2: check if device is a render node * Build:Use also strong stack protection if supported * Trace:print the string for profile/entrypoint/configattrib Update to 2.14.0: * add: Add av1 encode interfaces * add: VA/X11 VAAPI driver mapping for crocus DRI driver * doc: Add description of the fd management for surface importing * ci: fix freebsd build * meson: Copy public headers to build directory to support subproject Update to 2.13.0 * add new surface format fourcc XYUV * Fix av1 dec doc page link issue * unify the code styles using the style_unify script * Check the function pointer before using (fixes github issue#536) * update NEWS for 2.13.0 Update to 2.12.0: * add: Report the capability of vaCopy support * add: Report the capability of sub device * add: Add config attributes to advertise HEVC/H.265 encoder features * add: Video processing HVS Denoise: Added 4 modes * add: Introduce VASurfaceAttribDRMFormatModifiers * add: Add 3DLUT Filter in Video Processing. * doc: Update log2_tile_column description for vp9enc * trace: Correct av1 film grain trace information * ci: Fix freebsd build by switching to vmactions/freebsd-vm@v0.1.3 Update to 2.11.0: * add: LibVA Protected Content API * add: Add a configuration attribute to advertise AV1d LST feature * fix: wayland: don't try to authenticate with render nodes * autotools: use shell grouping instead of sed to prepend a line * trace: Add details data dump for mpeg2 IQ matrix. * doc: update docs for VASurfaceAttribPixelFormat * doc: Libva documentation edit for AV1 reference frames * doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment * doc: Remove tile_rows and tile_cols restriction to match AV1 spec * doc: Format code for doxygen output * doc: AV1 decode documentation edit for superres_scale_denominator * ci: upgrade FreeBSD to 12.2 * ci: disable travis build * ci: update cache before attempting to install packages * ci: avoid running workloads on other workloads changes * ci: enable github actions * CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1451=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1451=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1451=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1451=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1451=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-glx2-2.20.0-150300.3.3.1 * libva-gl-debugsource-2.20.0-150300.3.3.1 * libva-gl-devel-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-glx2-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * openSUSE Leap 15.3 (x86_64) * libva-drm2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-32bit-2.20.0-150300.3.3.1 * libva-wayland2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-drm2-32bit-2.20.0-150300.3.3.1 * libva-glx2-32bit-2.20.0-150300.3.3.1 * libva-x11-2-32bit-2.20.0-150300.3.3.1 * libva2-32bit-2.20.0-150300.3.3.1 * libva-x11-2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-glx2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-gl-devel-32bit-2.20.0-150300.3.3.1 * libva2-32bit-debuginfo-2.20.0-150300.3.3.1 * libva-devel-32bit-2.20.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libva-drm2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-drm2-64bit-2.20.0-150300.3.3.1 * libva-gl-devel-64bit-2.20.0-150300.3.3.1 * libva-x11-2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-wayland2-64bit-2.20.0-150300.3.3.1 * libva-glx2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva2-64bit-2.20.0-150300.3.3.1 * libva-glx2-64bit-2.20.0-150300.3.3.1 * libva-x11-2-64bit-2.20.0-150300.3.3.1 * libva2-64bit-debuginfo-2.20.0-150300.3.3.1 * libva-devel-64bit-2.20.0-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libva2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-debuginfo-2.20.0-150300.3.3.1 * libva-debugsource-2.20.0-150300.3.3.1 * libva-drm2-debuginfo-2.20.0-150300.3.3.1 * libva2-2.20.0-150300.3.3.1 * libva-wayland2-2.20.0-150300.3.3.1 * libva-drm2-2.20.0-150300.3.3.1 * libva-wayland2-debuginfo-2.20.0-150300.3.3.1 * libva-x11-2-2.20.0-150300.3.3.1 * libva-devel-2.20.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/browse/PED-11066 * https://jira.suse.com/browse/PED-1174 * https://jira.suse.com/browse/SLE-19361