
Test ID: 1.3.6.1.4.1.25623.1.0.856363
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:2776-1)
Summary: The remote host is missing an update for the 'dri3proto, presentproto, wayland-protocols, xwayland' package(s) announced via the SUSE-SU-2024:2776-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'dri3proto, presentproto, wayland-protocols, xwayland' package(s) announced via the SUSE-SU-2024:2776-1 advisory.

Vulnerability Insight:
This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues:

Changes in presentproto:

* update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in wayland-protocols:

- Update to version 1.36:

* xdg-dialog: fix missing namespace in protocol name

- Changes from version 1.35:

* cursor-shape-v1: Does not advertise the list of supported cursors
* xdg-shell: add missing enum attribute to set_constraint_adjustment
* xdg-shell: recommend against drawing decorations when tiled
* tablet-v2: mark as stable
* staging: add alpha-modifier protocol

- Update to 1.36

* Fix to the xdg dialog protocol
* tablet-v2 protocol is now stable
* alpha-modifier: new protocol
* Bug fix to the cursor shape documentation
* The xdg-shell protocol now also explicitly recommends against
drawing decorations outside of the window geometry when tiled

- Update to 1.34:

* xdg-dialog: new protocol
* xdg-toplevel-drag: new protocol
* Fix typo in ext-foreign-toplevel-list-v1
* tablet-v2: clarify that name/id events are optional
* linux-drm-syncobj-v1: new protocol
* linux-explicit-synchronization-v1: add linux-drm-syncobj note

- Update to version 1.33:

* xdg-shell: Clarify what a toplevel by default includes
* linux-dmabuf: sync changes from unstable to stable
* linux-dmabuf: require all planes to use the same modifier
* presentation-time: stop referring to Linux/glibc
* security-context-v1: Make sandbox engine names use reverse-DNS
* xdg-decoration: remove ambiguous wording in configure event
* xdg-decoration: fix configure event summary
* linux-dmabuf: mark as stable
* linux-dmabuf: add note about implicit sync
* security-context-v1: Document what can be done with the open
sockets
* security-context-v1: Document out of band metadata for flatpak

Changes in dri3proto:

* update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in xwayland:


- Update to bugfix release 24.1.1 for the current stable 24.1
branch of Xwayland

* xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
* os: Explicitly include X11/Xmd.h for CARD32 definition to fix
building on i686
* present: On *BSD, epoll-shim is needed to emulate eventfd()
* xwayland: Stop on first unmapped child
* xwayland/window-buffers: Promote xwl_window_buffer
* xwayland/window-buffers: Add xwl_window_buffer_release()
* xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
* xwayland/window-buffers: Use synchronization from GLAMOR/GBM
* xwayland/window-buffers: Do not always set syncpnts
* xwayland/window-buffers: Move code to submit pixmaps
* xwayland/window-buffers: Set syncpnts for all pixmaps
* xwayland: Move xwl_window disposal to its own function
* xwayland: Make sure we do not leak xwl_window on destroy
* wayland/window-buffers: Move buffer disposal to its own function
* xwayland/window-buffers: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'dri3proto, presentproto, wayland-protocols, xwayland' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2024-31080
RHBZ#2271997
https://bugzilla.redhat.com/show_bug.cgi?id=2271997
RHSA-2024:1785
https://access.redhat.com/errata/RHSA-2024:1785
RHSA-2024:2036
https://access.redhat.com/errata/RHSA-2024:2036
RHSA-2024:2037
https://access.redhat.com/errata/RHSA-2024:2037
RHSA-2024:2038
https://access.redhat.com/errata/RHSA-2024:2038
RHSA-2024:2039
https://access.redhat.com/errata/RHSA-2024:2039
RHSA-2024:2040
https://access.redhat.com/errata/RHSA-2024:2040
RHSA-2024:2041
https://access.redhat.com/errata/RHSA-2024:2041
RHSA-2024:2042
https://access.redhat.com/errata/RHSA-2024:2042
RHSA-2024:2080
https://access.redhat.com/errata/RHSA-2024:2080
RHSA-2024:2616
https://access.redhat.com/errata/RHSA-2024:2616
RHSA-2024:3258
https://access.redhat.com/errata/RHSA-2024:3258
RHSA-2024:3261
https://access.redhat.com/errata/RHSA-2024:3261
RHSA-2024:3343
https://access.redhat.com/errata/RHSA-2024:3343
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31080
https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/
Common Vulnerability Exposure (CVE) ID: CVE-2024-31081
RHBZ#2271998
https://bugzilla.redhat.com/show_bug.cgi?id=2271998
https://access.redhat.com/security/cve/CVE-2024-31081
Common Vulnerability Exposure (CVE) ID: CVE-2024-31083
RHBZ#2272000
https://bugzilla.redhat.com/show_bug.cgi?id=2272000
https://access.redhat.com/security/cve/CVE-2024-31083
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.