RHSA-2023:2786: Red Hat Security Advisory: wayland security, bug fix, and enhancement update
An update for wayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3782: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.
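The bug class in the CVE description, as an added example that is not libwayland code and not part of the advisory: a toy shared-memory pool whose lifetime is tracked by a plain int reference count, with the unguarded increment beside a guarded one that fails the request once the counter reaches INT_MAX. All names (toy_pool, toy_pool_ref_checked, demo_*) are hypothetical, and the guard is a generic mitigation for this class of bug, not a claim about the exact upstream patch. The relevant LP64 detail is that int stays 32 bits while pointers and size_t are 64 bits, so the counter can be exhausted long before memory is.

```c
/* Added example (not libwayland code): a toy pool with an int refcount in the
 * shape the advisory describes, next to a guarded increment. Names are
 * hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct toy_pool {
	int refcount;        /* same width as the counter the CVE describes: 32 bits on LP64 */
	size_t size;
	unsigned char *data; /* stands in for the mmap'd pool storage */
};

/* The pool resource itself holds the first reference. */
struct toy_pool *
toy_pool_create(size_t size)
{
	struct toy_pool *pool = calloc(1, sizeof *pool);
	if (!pool)
		return NULL;
	pool->data = calloc(1, size);
	if (!pool->data) {
		free(pool);
		return NULL;
	}
	pool->size = size;
	pool->refcount = 1;
	return pool;
}

/* Unguarded increment: every buffer created from the pool bumps the counter
 * with no upper bound. Once it reaches INT_MAX the next increment is signed
 * overflow (undefined behaviour in C; in practice the value wraps negative),
 * so a later unref can release the storage while buffers still point at it. */
void
toy_pool_ref_unchecked(struct toy_pool *pool)
{
	pool->refcount++;
}

/* Guarded increment: refuse the reference instead of letting the counter
 * wrap; the caller then fails the buffer-creation request for that client. */
bool
toy_pool_ref_checked(struct toy_pool *pool)
{
	if (pool->refcount == INT_MAX)
		return false;
	pool->refcount++;
	return true;
}

/* Drop one reference; frees the pool and returns true only when the last
 * holder is gone. */
bool
toy_pool_unref(struct toy_pool *pool)
{
	if (--pool->refcount > 0)
		return false;
	free(pool->data);
	free(pool);
	return true;
}

/* Constructed state: the counter is set to INT_MAX directly rather than by
 * creating ~2^31 buffers. Returns 1 if the guarded path rejects one more
 * reference and leaves the counter untouched, 0 otherwise. */
int
demo_refcount_guard(void)
{
	struct toy_pool *pool = toy_pool_create(4096);
	if (!pool)
		return -1;
	pool->refcount = INT_MAX;
	int rejected = (!toy_pool_ref_checked(pool) && pool->refcount == INT_MAX) ? 1 : 0;
	pool->refcount = 1; /* restore a sane count so tear-down frees exactly once */
	toy_pool_unref(pool);
	return rejected;
}

/* Normal lifecycle: the pool plus two buffers. The storage must survive until
 * the last holder releases it. Returns the 1-based unref call that freed it. */
int
demo_normal_lifetime(void)
{
	struct toy_pool *pool = toy_pool_create(4096);
	if (!pool)
		return -1;
	toy_pool_ref_unchecked(pool);   /* buffer 1: harmless at low counts, which is why the bug hides */
	if (!toy_pool_ref_checked(pool)) /* buffer 2 */
		return -1;
	int calls = 0;
	while (1) {
		calls++;
		if (toy_pool_unref(pool))
			return calls;
	}
}

int
main(void)
{
	printf("guarded ref at INT_MAX rejected: %d\n", demo_refcount_guard());
	printf("pool freed on unref #%d\n", demo_normal_lifetime());
	return 0;
}
```

On a RHEL 8 host the practical check is simply whether the installed libwayland-server package is at the version this advisory ships, 1.21.0-1.el8, or later; the toy above only illustrates why an unbounded int counter under client control is a lifetime bug rather than a mere accounting error.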
Issued: 2023-05-16
Updated: 2023-05-16
RHSA-2023:2786 - Security Advisory
Synopsis
Moderate: wayland security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Description
Wayland is a protocol for a compositor to talk to its clients, as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.
The following packages have been upgraded to a later upstream version: wayland (1.21.0). (BZ#2137625)
Security Fix(es):
- wayland: libwayland-server wl_shm reference-count overflow (CVE-2021-3782)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2002627 - CVE-2021-3782 wayland: libwayland-server wl_shm reference-count overflow
- BZ - 2137625 - Rebase wayland to 1.21 in el8
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
wayland-1.21.0-1.el8.src.rpm
SHA-256: ee296f2b2ce5e2ed83dec23495564f266d131022185fd204550e8895d4d5f6a8
x86_64
libwayland-client-1.21.0-1.el8.i686.rpm
SHA-256: 8772243f7459546ec9e3bdf5de5fecfb52e58a8fac0b413509f9e84c43400385
libwayland-client-1.21.0-1.el8.x86_64.rpm
SHA-256: f79cef9a39104aa6447efaedd3e6fc702014cd4a5a543932c7c1c9897253818f
libwayland-client-debuginfo-1.21.0-1.el8.i686.rpm
SHA-256: e01fb35181321e8f5eb261de82f580babf249236be770670d2d83810bbd3f05b
libwayland-client-debuginfo-1.21.0-1.el8.x86_64.rpm
SHA-256: aafe5a575ab5e6dd2d15895499e2a01ce985b6c7d604e7997cfa8cbb176e378e
libwayland-cursor-1.21.0-1.el8.i686.rpm
SHA-256: 3a797dba85c718af74445efa316980cfe57b9262de8f7b2d95d06ec27118f063
libwayland-cursor-1.21.0-1.el8.x86_64.rpm
SHA-256: 0ef42f8bbfcf20327b91b69eda9fea7d3b4aae79bb19ab1363b2e1d6840377f7
libwayland-cursor-debuginfo-1.21.0-1.el8.i686.rpm
SHA-256: ec2c0d1dfcc482072d1c7803806f48dd4a6242eed2543c39d196eb833f1568b7
libwayland-cursor-debuginfo-1.21.0-1.el8.x86_64.rpm
SHA-256: 8d9d5d4dbb81d122bcde301f130662665bd95ecd4bafa5bfcb12fef0f5b21298
libwayland-egl-1.21.0-1.el8.i686.rpm
SHA-256: 142eeac99960fe41d785728284e3db33a6726b241af63b690af59e98d0ffb255
libwayland-egl-1.21.0-1.el8.x86_64.rpm
SHA-256: 106ead5fe1e641f86d45cd77b154d31393e5e3d43a342f52d4a1f5a9bdca9444
libwayland-egl-debuginfo-1.21.0-1.el8.i686.rpm
SHA-256: ec6d16b4570cb8f5528f724970f5c162ff0ab277aadcac1d86a5ee8753887718
libwayland-egl-debuginfo-1.21.0-1.el8.x86_64.rpm
SHA-256: d9b8a919f2adb4ff002cc6b303da8d58c0f4a22be9c6ed01cee15cfbd7a89661
libwayland-server-1.21.0-1.el8.i686.rpm
SHA-256: a3a1d41dcc41f85000def863bb63a6eb6ddf6784171067cb60a91cb41d9737f9
libwayland-server-1.21.0-1.el8.x86_64.rpm
SHA-256: ec475c06b2139413c3e4dcfc871e8ff51c5ce4d43fdfb3f33b852a0b552a7e72
libwayland-server-debuginfo-1.21.0-1.el8.i686.rpm
SHA-256: 3cd32d10fd27b071de4ec9c091b2740fafee753d2e3bce9c7a55e20f15df35cc
libwayland-server-debuginfo-1.21.0-1.el8.x86_64.rpm
SHA-256: a834b3c586fd9722f3d35049c1fefc0e59377e276fff1784b675611aa39554c3
wayland-debuginfo-1.21.0-1.el8.i686.rpm
SHA-256: 4fbd82cd21296b580bc692171df7a0a302277ac54de8eaf36270c13c9915f644
wayland-debuginfo-1.21.0-1.el8.x86_64.rpm
SHA-256: 1ffe54dec015da425508a8e2f365df3e0091b5b7735d58333c3e1d0279b1016d
wayland-debugsource-1.21.0-1.el8.i686.rpm
SHA-256: 5ef71194fc441b0af46fc6d1e4c5a5ba7ee796558cc543baa939b4edcbc74daa
wayland-debugsource-1.21.0-1.el8.x86_64.rpm
SHA-256: 704c311b95f8f8195e3c42f85fd2b0302a3b553adce9edbf21f9ed80600f4b53
wayland-devel-1.21.0-1.el8.i686.rpm
SHA-256: 44d6c126f7c9bda5dcf89891623fd67e6a60a1842c2f7084e1029c480d43386d
wayland-devel-1.21.0-1.el8.x86_64.rpm
SHA-256: ac93e212b9210d9df872448ea4ed805de57a6e6c5f853912d49019f1567f6b5c
wayland-devel-debuginfo-1.21.0-1.el8.i686.rpm
SHA-256: 2e080edadb770283405e8697836541d044eedd05287cf2401f25b1be27ad80bb
wayland-devel-debuginfo-1.21.0-1.el8.x86_64.rpm
SHA-256: c783fcefd6007bd10a81c839ec47273d217329f642b1af0d90c6cb5dacb841e8
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
wayland-1.21.0-1.el8.src.rpm
SHA-256: ee296f2b2ce5e2ed83dec23495564f266d131022185fd204550e8895d4d5f6a8
s390x
libwayland-client-1.21.0-1.el8.s390x.rpm
SHA-256: 39a89f08649f1322bff7f7ea0c51b66908d7dc3bba3645dafccca8e1ea9dad0c
libwayland-client-debuginfo-1.21.0-1.el8.s390x.rpm
SHA-256: ae3f400d262ebed6485eec79449f04e841628dc133cdecd78e9a28c8c9c52212
libwayland-cursor-1.21.0-1.el8.s390x.rpm
SHA-256: 62040a67105d74a315bf55883837cedaa1f5f91f288e0cff47f94de43d9ed86e
libwayland-cursor-debuginfo-1.21.0-1.el8.s390x.rpm
SHA-256: 8b4d70a56449b7209c40e1a608807107e128ffd316284ac9ec427ed267c736ac
libwayland-egl-1.21.0-1.el8.s390x.rpm
SHA-256: 248a7f2e7832d1d259c05335ffbd49598a7b0f5c1fb9ec33cb1c44a482c19d79
libwayland-egl-debuginfo-1.21.0-1.el8.s390x.rpm
SHA-256: 298a3e176d4e02f3337d5344153837a3f2be0b73b1eddc565004c2a4879e9687
libwayland-server-1.21.0-1.el8.s390x.rpm
SHA-256: 37dd0f0e378c166a0a08dc4468e33a8bd78965b78486284e0d15383ab17d27ce
libwayland-server-debuginfo-1.21.0-1.el8.s390x.rpm
SHA-256: 58a4a7e712751fb98bf1baa076f4be60a9f72457cfcc02a627513846816b4ffd
wayland-debuginfo-1.21.0-1.el8.s390x.rpm
SHA-256: 3fcaa59c4929706b878d70da2f8979d5cf3cca4fab44e226ff9c656fa47154d9
wayland-debugsource-1.21.0-1.el8.s390x.rpm
SHA-256: 1a8894b4f083a329877001d438669dc0c26b5e5ca292f832d79ced88a4d48e8b
wayland-devel-1.21.0-1.el8.s390x.rpm
SHA-256: 05c38a4f4a6226a7286de3c911d1d5c9faf3e95cfec4ed66183d9d2495ea7a68
wayland-devel-debuginfo-1.21.0-1.el8.s390x.rpm
SHA-256: 2e1bca8d51934e2dd3669ee1d88edac0073f65fa6bed3fd691556a4a7e792417
Red Hat Enterprise Linux for Power, little endian 8
SRPM
wayland-1.21.0-1.el8.src.rpm
SHA-256: ee296f2b2ce5e2ed83dec23495564f266d131022185fd204550e8895d4d5f6a8
ppc64le
libwayland-client-1.21.0-1.el8.ppc64le.rpm
SHA-256: 06224dcea3b114ec3feefa820498300fc93e08d144f37631a3a96a3d33440ca8
libwayland-client-debuginfo-1.21.0-1.el8.ppc64le.rpm
SHA-256: 4ced368ada20990034d307cfa2db00b36ab1113e105a197becc90f3c2d22da82
libwayland-cursor-1.21.0-1.el8.ppc64le.rpm
SHA-256: 1ffbe6971fb812d32788253d8e1eb0efee4748a50396a7a996517a342e1c61b8
libwayland-cursor-debuginfo-1.21.0-1.el8.ppc64le.rpm
SHA-256: 68671d26cf7a2d173cc3908b4390453a976523c983465fbadf4555557d2830e7
libwayland-egl-1.21.0-1.el8.ppc64le.rpm
SHA-256: ff50e66c2f6e224cb590f3ec1ae577a4cdbf7e4005292151239e6afbec3d71c9
libwayland-egl-debuginfo-1.21.0-1.el8.ppc64le.rpm
SHA-256: 59228ad380996a423d165a35cd8d9c101b1596ed9eded91c5d96fdd8e85c8dcb
libwayland-server-1.21.0-1.el8.ppc64le.rpm
SHA-256: 6f3f6e103822890a6442bdf1ad20eeb599dddfdbd758b5875b6f90a18249df41
libwayland-server-debuginfo-1.21.0-1.el8.ppc64le.rpm
SHA-256: 24a6da70004fb8ab3ff47b1fd5c4be4450f6840189dc4dd8cf8c1eaf9a20d1bb
wayland-debuginfo-1.21.0-1.el8.ppc64le.rpm
SHA-256: 721642324d0a2f44f3c36c79d696900ea9b6b5b7ed6db5216e70d8b405e14a26
wayland-debugsource-1.21.0-1.el8.ppc64le.rpm
SHA-256: 667c6e66cd9862505bb513eb80f81371170335a0148f67fe144a1ef20c7bb1a3
wayland-devel-1.21.0-1.el8.ppc64le.rpm
SHA-256: 6d2b774a8e70aa16d5fe17624098e38848572f4dd35fa5f210d2cb6ff369c116
wayland-devel-debuginfo-1.21.0-1.el8.ppc64le.rpm
SHA-256: ec17f8dbb19ba153f50fde832d8d55edff38192f2c320685ce62de376563331a
Red Hat Enterprise Linux for ARM 64 8
SRPM
wayland-1.21.0-1.el8.src.rpm
SHA-256: ee296f2b2ce5e2ed83dec23495564f266d131022185fd204550e8895d4d5f6a8
aarch64
libwayland-client-1.21.0-1.el8.aarch64.rpm
SHA-256: 745a5bde50d42e72d9699552bbe82175dae35c414dd8e389bac252ac80936d53
libwayland-client-debuginfo-1.21.0-1.el8.aarch64.rpm
SHA-256: 6e7472f9a3e0df2f688e7b17f0ff329969696b0dbf2ea11a5b55b29acb318fcf
libwayland-cursor-1.21.0-1.el8.aarch64.rpm
SHA-256: 981a302689cdfccbe48a02a791ba09e699cabedda648a6104ea2054bb52831ef
libwayland-cursor-debuginfo-1.21.0-1.el8.aarch64.rpm
SHA-256: 0a5fa99fcdc2118d3d5fdfef87854e7e2af8b14a9115a309e437dafcac070a82
libwayland-egl-1.21.0-1.el8.aarch64.rpm
SHA-256: 060557ff524871bae1b6d7139c888dfd78823ed0ab5e994fabde3b2e8f350fc6
libwayland-egl-debuginfo-1.21.0-1.el8.aarch64.rpm
SHA-256: 807ad02e86d7480360004c75e3942f5bb6088545498d7e7977a9fdf59f33eaf2
libwayland-server-1.21.0-1.el8.aarch64.rpm
SHA-256: 73c3679ebfeefd7c9daa164a915527a600cad4e60c58953e8da950f75a8043ee
libwayland-server-debuginfo-1.21.0-1.el8.aarch64.rpm
SHA-256: 51e2cd34db0f018c1d2152b1209fecec30376c1a8573bad355a5a860c092b7e4
wayland-debuginfo-1.21.0-1.el8.aarch64.rpm
SHA-256: 08c6d814c77cb688ad6a682bd4aa2cdf372fb85d720368fb859b06f6528373aa
wayland-debugsource-1.21.0-1.el8.aarch64.rpm
SHA-256: 60b7d6aacf776f8326e0579d4b7aa8b70bb73eb34d719a51f109b0afb0220c74
wayland-devel-1.21.0-1.el8.aarch64.rpm
SHA-256: 3ebb863af3ae986e59c27818bd9a611f2ff754b5df6b8af93c05d4e7915c8f45
wayland-devel-debuginfo-1.21.0-1.el8.aarch64.rpm
SHA-256: cbf1f11bc0a413a23ab6acd3a4716c449745a9461111a65d61d7411e7e032470
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.