Ubuntu has issued an advisory on September 15: https://ubuntu.com/security/notices/USN-5614-1 The issue is fixed upstream in 1.20.91.
Assigning to the registered wayland maintainer.
Assignee: bugsquad => mageiaCC: (none) => marja11
Suggested advisory: ======================== The updated packages fix a security vulnerability: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. (CVE-2021-3782) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3782 https://ubuntu.com/security/notices/USN-5614-1 ======================== Updated packages in core/updates_testing: ======================== lib(64)wayland-client0-1.18.0-3.1.mga8 lib(64)wayland-cursor0-1.18.0-3.1.mga8 lib(64)wayland-devel-1.18.0-3.1.mga8 lib(64)wayland-egl1-1.18.0-3.1.mga8 lib(64)wayland-server0-1.18.0-3.1.mga8 wayland-doc-1.18.0-3.1.mga8 wayland-tools-1.18.0-3.1.mga8 from SRPM: wayland-1.18.0-3.1.mga8.src.rpm
Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroCVE: (none) => CVE-2021-3782Assignee: mageia => qa-bugs
GNOME, MGA8-64, laptop, A6 The following 4 packages are going to be installed: - lib64wayland-client0-1.18.0-3.1.mga8.x86_64 - lib64wayland-cursor0-1.18.0-3.1.mga8.x86_64 - lib64wayland-egl1-1.18.0-3.1.mga8.x86_64 - lib64wayland-server0-1.18.0-3.1.mga8.x86_64 4.3KB of additional disk space will be used. -- rebooted and confirmed set to standard GNOME option system is behaving as expected.
CC: (none) => brtians1
GNOME, Vbox, 64bit The following 9 packages are going to be installed: - lib64ffi-devel-3.3-2.mga8.x86_64 - lib64wayland-client0-1.18.0-3.1.mga8.x86_64 - lib64wayland-cursor0-1.18.0-3.1.mga8.x86_64 - lib64wayland-devel-1.18.0-3.1.mga8.x86_64 - lib64wayland-egl1-1.18.0-3.1.mga8.x86_64 - lib64wayland-server0-1.18.0-3.1.mga8.x86_64 - multiarch-utils-1.0.14-3.mga8.noarch - wayland-doc-1.18.0-3.1.mga8.noarch - wayland-tools-1.18.0-3.1.mga8.x86_64 1.2MB of additional disk space will be used. - rebooted - confirmed using GNOME standard rendering as I would expect.
MGA8-64 MATE on Acer Aspire 5253 No installation issues Rebooted after installation, everything seems to work, but most applications (Firefox and caja, LO, parole e.a.) get a thick black outer border. I found only Videos application to have a thin border as usual. I cann't see this system is actually running wayland????
CC: (none) => herman.viaene
HI Herman, I've seen this before. Check if High Contrast got enabled in Mate.
@Brian, You mean the Appearance setting: the theme active (by default, I didn't change it) is Custom, and it refers to Menta, and nowhere in the Controls etc... is High Contrast selected.
Tested KDE Plasma Wayland on a Sony Vaio E Series laptop with AMD/ATI graphics. [root@mga8-tst2 ~]# lspci -nnk | grep -iA3 vga 01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Thames [Radeon HD 7550M/7570M/7650M] [1002:6841] Subsystem: Sony Corporation Device [104d:90ac] Kernel driver in use: radeon Kernel modules: radeon No regression found. Ulrich
CC: (none) => bequimao.de
Giving this an OK based on tests by Brian and Ulrich, as well as Herman's comment that "everything seems to work." Herman, I am completely unfamiliar with either MATE or Wayland, but a bit of research indicates that the mga8 version of MATE is 1.24.x. It is my understanding that there was only partial support for Wayland in that version, with much more in the 1.26.x version in Cauldron. Therefore, I am thinking that a bit of what sounds like a cosmetic issue in MATE 1.24 can be discounted for the purposes of this update. If any of that is in error, someone please correct me. Validating. Advisory in comment 2.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0418.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED