Security update for virglrenderer SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0902-1 Final 1 1 2017-03-31T08:52:20Z current 2017-03-31T08:52:20Z 2017-03-31T08:52:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virglrenderer This update for virglrenderer fixes the following issues: Security issues fixed: - CVE-2017-6386: memory leakage while in vrend_create_vertex_elements_state (bsc#1027376) - CVE-2017-6355: integer overflow while creating shader object (bsc#1027108) - CVE-2017-6317: fix memory leak in add shader program (bsc#1026922) - CVE-2017-6210: null pointer dereference in vrend_decode_reset (bsc#1026725) - CVE-2017-6209: stack buffer oveflow in parse_identifier (bsc#1026723) - CVE-2017-5994: out-of-bounds access in vrend_create_vertex_elements_state (bsc#1025507) - CVE-2017-5993: host memory leakage when initialising blitter context (bsc#1025505) - CVE-2017-5957: stack overflow in vrend_decode_set_framebuffer_state (bsc#1024993) - CVE-2017-5956: OOB access while in vrend_draw_vbo (bsc#1024992) - CVE-2017-5937: null pointer dereference in vrend_clear (bsc#1024232) - CVE-2017-5580: OOB access while parsing texture instruction (bsc#1021627) - CVE-2016-10214: host memory leak issue in virgl_resource_attach_backing (bsc#1024244) - CVE-2016-10163: host memory leakage when creating decode context (bsc#1021616) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html E-Mail link for openSUSE-SU-2017:0902-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 libvirglrenderer0-0.5.0-3.3.1 virglrenderer-0.5.0-3.3.1 virglrenderer-devel-0.5.0-3.3.1 virglrenderer-test-server-0.5.0-3.3.1 libvirglrenderer0-0.5.0-3.3.1 as a component of openSUSE Leap 42.2 virglrenderer-0.5.0-3.3.1 as a component of openSUSE Leap 42.2 virglrenderer-devel-0.5.0-3.3.1 as a component of openSUSE Leap 42.2 virglrenderer-test-server-0.5.0-3.3.1 as a component of openSUSE Leap 42.2 Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context. CVE-2016-10163 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2016-10163.html CVE-2016-10163 https://bugzilla.suse.com/1021616 SUSE Bug 1021616 Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. CVE-2016-10214 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2016-10214.html CVE-2016-10214 https://bugzilla.suse.com/1024244 SUSE Bug 1024244 The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction. CVE-2017-5580 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 3.8 AV:A/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-5580.html CVE-2017-5580 https://bugzilla.suse.com/1021627 SUSE Bug 1021627 The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command. CVE-2017-5937 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-5937.html CVE-2017-5937 https://bugzilla.suse.com/1024232 SUSE Bug 1024232 https://bugzilla.suse.com/1041089 SUSE Bug 1041089 The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index. CVE-2017-5956 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 3.8 AV:A/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-5956.html CVE-2017-5956 https://bugzilla.suse.com/1024992 SUSE Bug 1024992 Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. CVE-2017-5957 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 3.8 AV:A/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-5957.html CVE-2017-5957 https://bugzilla.suse.com/1024993 SUSE Bug 1024993 Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands. CVE-2017-5993 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-5993.html CVE-2017-5993 https://bugzilla.suse.com/1025505 SUSE Bug 1025505 Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter. CVE-2017-5994 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-5994.html CVE-2017-5994 https://bugzilla.suse.com/1025507 SUSE Bug 1025507 Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties. CVE-2017-6209 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 3 AV:L/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-6209.html CVE-2017-6209 https://bugzilla.suse.com/1026723 SUSE Bug 1026723 The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero). CVE-2017-6210 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-6210.html CVE-2017-6210 https://bugzilla.suse.com/1026725 SUSE Bug 1026725 Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable. CVE-2017-6317 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-6317.html CVE-2017-6317 https://bugzilla.suse.com/1026922 SUSE Bug 1026922 Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access. CVE-2017-6355 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 moderate 3 AV:L/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-6355.html CVE-2017-6355 https://bugzilla.suse.com/1027108 SUSE Bug 1027108 Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands. CVE-2017-6386 openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1 openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-03/msg00119.html https://www.suse.com/security/cve/CVE-2017-6386.html CVE-2017-6386 https://bugzilla.suse.com/1027376 SUSE Bug 1027376