<div class="container">
    <h1>Security update for libva</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2025:1453-1</td>
        </tr>
        <tr>
            <th>Release Date:</th>
            <td>2025-05-05T07:44:16Z</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>moderate</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1202828">bsc#1202828</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1217770">bsc#1217770</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1224413">bsc#1224413</a>
                        </li>
                    
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/PED-11066">jsc#PED-11066</a>
                        </li>
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2023-39929.html">CVE-2023-39929</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2023-39929</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.7</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">openSUSE Leap 15.5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP5 LTSS</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for libva fixes the following issues:</p>
<p>Update to libva version 2.20.0, which includes security fix for:</p>
<ul>
<li>CVE-2023-39929: uncontrolled search path may allow an authenticated user to
  escalate privilege via local access (bsc#1224413, jsc#PED-11066)</li>
</ul>
<p>This includes latest version of one of the components needed for Video
(processing) hardware support on Intel GPUs (bsc#1217770)</p>
<p>Update to version 2.20.0:</p>
<ul>
<li>av1: Revise offsets comments for av1 encode</li>
<li>
<p>drm:</p>
<ul>
<li>Limit the array size to avoid out of range</li>
<li>Remove no longer used helpers</li>
</ul>
</li>
<li>
<p>jpeg: add support for crop and partial decode</p>
</li>
<li>
<p>trace:</p>
<ul>
<li>Add trace for vaExportSurfaceHandle</li>
<li>Unlock mutex before return</li>
<li>Fix minor issue about printf data type and value range</li>
</ul>
</li>
<li>
<p>va/backend:</p>
<ul>
<li>Annotate vafool as deprecated</li>
<li>Document the vaGetDriver* APIs</li>
</ul>
</li>
<li>
<p>va/x11/va_fglrx: Remove some dead code</p>
</li>
<li>va/x11/va_nvctrl: Remove some dead code</li>
<li>
<p>va:</p>
<ul>
<li>Add new VADecodeErrorType to indicate the reset happended in
  the driver</li>
<li>Add vendor string on va_TraceInitialize</li>
<li>Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)</li>
<li>Drop no longer applicable vaGetDriverNames check</li>
<li>Fix:don&#x27;t leak driver names, when override is set</li>
<li>Fix:set driver number to be zero if vaGetDriverNames failed</li>
<li>Optimize code of getting driver name for all protocols/os
  (wayland,x11,drm,win32,android)</li>
<li>Remove legacy code paths</li>
<li>Remove unreachable "DRIVER BUG"</li>
</ul>
</li>
<li>
<p>x11/dri2: limit the array handling to avoid out of range access</p>
</li>
<li>
<p>x11:</p>
<ul>
<li>Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var</li>
<li>Implement vaGetDriverNames</li>
<li>Remove legacy code paths</li>
</ul>
</li>
</ul>
<p>Update to 2.19.0:</p>
<ul>
<li>add: Add mono_chrome to VAEncSequenceParameterBufferAV1</li>
<li>add: Enable support for license acquisition of multiple protected
    playbacks</li>
<li>fix: use secure_getenv instead of getenv</li>
<li>trace: Improve and add VA trace log for AV1 encode</li>
<li>trace: Unify va log message, replace va_TracePrint with va_TraceMsg.</li>
</ul>
<p>Update to version 2.18.0:</p>
<ul>
<li>doc: Add build and install libva informatio in home page.</li>
<li>
<p>fix:</p>
<ul>
<li>Add libva.def into distribution package</li>
<li>NULL check before calling strncmp.</li>
<li>Remove reference to non-existent symbol</li>
</ul>
</li>
<li>
<p>meson: docs:</p>
<ul>
<li>Add encoder interface for av1</li>
<li>Use libva_version over project_version()</li>
</ul>
</li>
<li>
<p>va:</p>
<ul>
<li>Add VAProfileH264High10</li>
<li>Always build with va-messaging API</li>
<li>Fix the codying style of CHECK_DISPLAY</li>
<li>Remove Android pre Jelly Bean workarounds</li>
<li>Remove dummy isValid() hook</li>
<li>Remove unused drm_sarea.h include & ANDROID references in
  va_dricommon.h</li>
<li>va/sysdeps.h: remove Android section</li>
<li>x11:</li>
<li>
<p>Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var</p>
</li>
<li>
<p>Use LIBVA_DRI3_DISABLE in GetNumCandidates</p>
</li>
</ul>
</li>
<li>
<p>Add libva-wayland to baselibs.conf, now that its build have moved
  to the main part of spec, source validator should no longer
  complain on SLE.</p>
</li>
</ul>
<p>Update to 2.17.0:</p>
<ul>
<li>win: Simplify signature for driver name loading</li>
<li>win: Rewrite driver registry query and fix some
    bugs/leaks/inefficiencies</li>
<li>win: Add missing null check after calloc</li>
<li>va: Update security disclaimer</li>
<li>dep:remove the file .cvsignore</li>
<li>pkgconfig: add &#x27;with-legacy&#x27; for emgd, nvctrl and fglrx</li>
<li>meson: add &#x27;with-legacy&#x27; for emgd, nvctrl and fglrx</li>
<li>x11: move all FGLRX code to va_fglrx.c</li>
<li>x11: move all NVCTRL code to va_nvctrl.c</li>
<li>meson: stop using deprecated meson.source_root()</li>
<li>meson: stop using configure_file copy=true</li>
<li>va: correctly include the win32 (local) headers</li>
<li>win: clean-up the coding style</li>
<li>va: dos2unix all the files</li>
<li>drm: remove unnecessary dri2 version/extension query</li>
<li>trace: annotate internal functions with DLL_HIDDEN</li>
<li>build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use <em>GNUC</em>
    support level attribute instead</li>
<li>meson: Check support for -Wl,-version-script and build link_args
    accordingly</li>
<li>meson: Set va_win32 soversion to &#x27;&#x27; and remove the install_data rename</li>
<li>fix: resouce check null</li>
<li>va_trace: Add Win32 memory types in va_TraceSurfaceAttributes</li>
<li>va_trace: va_TraceSurfaceAttributes should check the
    VASurfaceAttribMemoryType</li>
<li>va: Adds Win32 Node and Windows build support</li>
<li>va: Adds compat_win32 abstraction for Windows build and prepares va
    common code for windows build</li>
<li>pkgconfig: Add Win32 package for when WITH_WIN32 is enabled</li>
<li>meson: Add with_win32 option, makes libdrm non-mandatory on Win</li>
<li>x11: add basic DRI3 support</li>
<li>drm: remove VA_DRM_IsRenderNodeFd() helper</li>
<li>drm: add radeon drm + radeonsi mesa combo</li>
</ul>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE  update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                openSUSE Leap 15.5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-2025-1453=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1453=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1453=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 15 SP5 LTSS
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1453=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server for SAP Applications 15 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1453=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
                    <ul>
                        
                            <li>libva-x11-2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-debugsource-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-gl-debugsource-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-glx2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-glx2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-gl-devel-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
                <li>
                    openSUSE Leap 15.5 (x86_64)
                    <ul>
                        
                            <li>libva-x11-2-32bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-32bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-32bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-32bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-32bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-32bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-32bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-glx2-32bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-glx2-32bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-gl-devel-32bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-32bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-32bit-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
                <li>
                    openSUSE Leap 15.5 (aarch64_ilp32)
                    <ul>
                        
                            <li>libva2-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-64bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-64bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-64bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-glx2-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-64bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-gl-devel-64bit-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-glx2-64bit-debuginfo-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
                    <ul>
                        
                            <li>libva-x11-2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-debugsource-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
                    <ul>
                        
                            <li>libva-x11-2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-debugsource-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>libva-x11-2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-debugsource-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
                    <ul>
                        
                            <li>libva-x11-2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-devel-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-debugsource-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-wayland2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-x11-2-2.20.0-150500.3.5.1</li>
                        
                            <li>libva-drm2-debuginfo-2.20.0-150500.3.5.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2023-39929.html">https://www.suse.com/security/cve/CVE-2023-39929.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1202828">https://bugzilla.suse.com/show_bug.cgi?id=1202828</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1217770">https://bugzilla.suse.com/show_bug.cgi?id=1217770</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1224413">https://bugzilla.suse.com/show_bug.cgi?id=1224413</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/PED-11066">https://jira.suse.com/browse/PED-11066</a>
                    </li>
                
            
        </ul>
    
</div>