| Summary: | mesa new security issues CVE-2013-1872 and CVE-2013-1993 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/552862/ | ||
| Whiteboard: | has_procedure mga2-32-ok mga2-64-ok | ||
| Source RPM: | mesa-8.0.5-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 10105 | ||
|
Description
David Walser
2013-06-19 21:30:34 CEST
David Walser
2013-06-19 21:31:11 CEST
Blocks:
(none) =>
10105 Mesa is in both core and tainted, fixing the text below the advisory to reflect that. It is also now actually built for tainted. Advisory: ======================== Updated mesa packages fix security vulnerabilities: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1872). It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1993). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://rhn.redhat.com/errata/RHSA-2013-0897.html ======================== Updated packages in {core,tainted}/updates_testing: ======================== mesa-8.0.5-1.1.mga2 libmesagl1-8.0.5-1.1.mga2 libdri-drivers-8.0.5-1.1.mga2 libmesagl1-devel-8.0.5-1.1.mga2 libmesaglu1-8.0.5-1.1.mga2 libmesaglu1-devel-8.0.5-1.1.mga2 libmesaegl1-8.0.5-1.1.mga2 libmesaegl1-devel-8.0.5-1.1.mga2 libglapi0-8.0.5-1.1.mga2 libglapi0-devel-8.0.5-1.1.mga2 libmesaglesv1_1-8.0.5-1.1.mga2 libmesaglesv1_1-devel-8.0.5-1.1.mga2 libmesaglesv2_2-8.0.5-1.1.mga2 libmesaglesv2_2-devel-8.0.5-1.1.mga2 libmesaopenvg1-8.0.5-1.1.mga2 libmesaopenvg1-devel-8.0.5-1.1.mga2 libgbm1-8.0.5-1.1.mga2 libgbm1-devel-8.0.5-1.1.mga2 libwayland-egl1-8.0.5-1.1.mga2 libwayland-egl1-devel-8.0.5-1.1.mga2 mesa-common-devel-8.0.5-1.1.mga2 from mesa-8.0.5-1.1.mga2.src.rpm Mesa can be tested using some of the demos from the mesa-demos package $ urpmf mesa-demos | grep bin The Tainted version makes use of S3 texture compression which is patent encumbered in some areas. Whiteboard:
(none) =>
has_procedure No PoC's AFAICT Testing complete mga2 32 Whiteboard:
has_procedure =>
has_procedure mga2-32-ok Advisory uploaded Mga2 64b testing complete Keywords:
(none) =>
validated_update Removing the validated_update keyword. This one requires testing on multiple types of hardware. Keywords:
validated_update =>
(none) Testing complete on x86_64 with a radeon hd5450 using the fglrx driver. Testing complete on i586 with a radeon hd5450 using the fglrx driver. Doesn't look like we're going to get more testers updating the bug report. Re-validating the bug report. Could someone from the sysadmin team push the update for mesa. The advisory 10569.adv is ready. Keywords:
(none) =>
validated_update mesa was updated to version 9.1 with X.Org updates for bug #10565, and the advisory also include those 2 CVEs. Should we just close this bug ? CC:
(none) =>
boklm Ah this one is for mageia 2, and bug #10565 only updates mesa on mageia 3. this one is just mesa srpm, where the mga3 update had a full x.org http://advisories.mageia.org/MGASA-2013-0190.html Status:
NEW =>
RESOLVED
Nicolas Vigier
2014-05-08 18:07:09 CEST
CC:
boklm =>
(none) |