AlmaLinuxALSA-2023:2786Moderate: wayland security, bug fix, and enhancement update
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
12.1%
Wayland is a protocol for a compositor to talk to its clients, as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.
The following packages have been upgraded to a later upstream version: wayland (1.21.0). (BZ#2137625)
Security Fix(es):
- wayland: libwayland-server wl_shm reference-count overflow (CVE-2021-3782)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | i686 | libwayland-server | < 1.21.0-1.el8 | libwayland-server-1.21.0-1.el8.i686.rpm |
| almalinux | 8 | i686 | libwayland-egl | < 1.21.0-1.el8 | libwayland-egl-1.21.0-1.el8.i686.rpm |
| almalinux | 8 | i686 | libwayland-cursor | < 1.21.0-1.el8 | libwayland-cursor-1.21.0-1.el8.i686.rpm |
| almalinux | 8 | i686 | wayland-devel | < 1.21.0-1.el8 | wayland-devel-1.21.0-1.el8.i686.rpm |
| almalinux | 8 | i686 | libwayland-client | < 1.21.0-1.el8 | libwayland-client-1.21.0-1.el8.i686.rpm |
| almalinux | 8 | x86_64 | libwayland-client | < 1.21.0-1.el8 | libwayland-client-1.21.0-1.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libwayland-egl | < 1.21.0-1.el8 | libwayland-egl-1.21.0-1.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | wayland-devel | < 1.21.0-1.el8 | wayland-devel-1.21.0-1.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libwayland-server | < 1.21.0-1.el8 | libwayland-server-1.21.0-1.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libwayland-cursor | < 1.21.0-1.el8 | libwayland-cursor-1.21.0-1.el8.x86_64.rpm |
Related
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
12.1%