Bug 7381 - mesa new security issue CVE-2012-2864
: mesa new security issue CVE-2012-2864
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/515151/
: MGA2-64-OK MGA2-32-OK
: validated_update
: 2317
:
  Show dependency treegraph
 
Reported: 2012-09-06 23:04 CEST by David Walser
Modified: 2012-09-10 23:02 CEST (History)
8 users (show)

See Also:
Source RPM: mesa-8.0.2-2.mga2.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2012-09-06 23:04:49 CEST
OpenSuSE has issued an advisory today (September 6):
http://lists.opensuse.org/opensuse-updates/2012-09/msg00036.html

Olivier Blin has said he'll fix it in Cauldron.

Mageia 1 is not affected, as the affected code was introduced in 8.0.

I have submitted a patched mesa-8.0.2-2.1.mga2 to Mageia 2 to fix it.
Comment 1 David Walser 2012-09-06 23:08:41 CEST
Note to self to submit the build to tainted as well.
Comment 2 David Walser 2012-09-07 03:00:20 CEST
Patched package uploaded for Mageia 2.

Advisory:
========================

Updated mesa packages fix security vulnerability:

The glsl shaders are vulnerable to a buffer overrun in
parcel_out_uniform_storage::visit_field.  When too many uniforms are used,
the error will now be caught in check_resources (src/glsl/linker.cpp)
(CVE-2012-2864).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864
http://lists.opensuse.org/opensuse-updates/2012-09/msg00036.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
mesa-8.0.2-2.1.mga2
libmesagl1-8.0.2-2.1.mga2
libdri-drivers-8.0.2-2.1.mga2
libmesagl1-devel-8.0.2-2.1.mga2
libmesaglu1-8.0.2-2.1.mga2
libmesaglu1-devel-8.0.2-2.1.mga2
libmesaegl1-8.0.2-2.1.mga2
libmesaegl1-devel-8.0.2-2.1.mga2
libglapi0-8.0.2-2.1.mga2
libglapi0-devel-8.0.2-2.1.mga2
libmesaglesv1_1-8.0.2-2.1.mga2
libmesaglesv1_1-devel-8.0.2-2.1.mga2
libmesaglesv2_2-8.0.2-2.1.mga2
libmesaglesv2_2-devel-8.0.2-2.1.mga2
libmesaopenvg1-8.0.2-2.1.mga2
libmesaopenvg1-devel-8.0.2-2.1.mga2
libgbm1-8.0.2-2.1.mga2
libgbm1-devel-8.0.2-2.1.mga2
libwayland-egl1-8.0.2-2.1.mga2
libwayland-egl1-devel-8.0.2-2.1.mga2
mesa-common-devel-8.0.2-2.1.mga2

from mesa-8.0.2-2.1.mga2.src.rpm
Comment 3 Thierry Vignaud 2012-09-07 09:54:19 CEST
I've updated it to 8.0.4 to both core & tainted's updates_testing (many bug fixes and only that)

http://mesa3d.org/relnotes-8.0.3.html
http://cgit.freedesktop.org/mesa/mesa/plain/docs/relnotes-8.0.4.html
Comment 4 David Walser 2012-09-07 13:30:32 CEST
(In reply to comment #3)
> I've updated it to 8.0.4 to both core & tainted's updates_testing (many bug
> fixes and only that)

Thanks.  You forgot to remove the subrel and set the release tag back to 1.
Comment 5 Anderson Carvalho 2012-09-07 13:38:26 CEST
I installed 8.0.4 tainted for test! Mageia 2 x86_64
Comment 6 David Walser 2012-09-07 13:50:34 CEST
*** Bug 6674 has been marked as a duplicate of this bug. ***
Comment 7 Anderson Carvalho 2012-09-07 13:52:06 CEST
Why lib64mesaglw1 is at version 7.11.2-5.mga2.tainted yet? Source: mesa-7.11.2-5.mga2.tainted.src.rpm 
No longer exists this package in versions 8.0.x?
Comment 8 David Walser 2012-09-07 13:56:32 CEST
There is no libmesaglw1 provided by this package, so I guess it should have been Obsoleted.  Does any package depend on libmesaglw1?
Comment 9 Anderson Carvalho 2012-09-07 14:04:35 CEST
Apparently is the only package that supports: "GLw adds Motif bindings to the OpenGL "canvas" (Xt/Motif/OpenGL widget code)."
Comment 10 David Walser 2012-09-07 14:17:38 CEST
I just checked, and there is no libmesaglw1 package in Mageia 2.  It must be a leftover on your system from Mageia 1.  You should be able to safely remove it.  As a matter of fact, nothing required it in Mageia 1 either.
Comment 11 Anderson Carvalho 2012-09-07 14:38:04 CEST
No, it is in the repository Mageia 2 Yes, see:

http://pkgs.org/search/?keyword=libmesaglw1&search_on=name&distro=118&arch=32-bit

or

http://mirror.yandex.ru/mageia/distrib/2/i586/media/tainted/release/libmesaglw1-7.11.2-5.mga2.tainted.i586.rpm

Browse the repository Tainted Release (distrib21) and you will find the package libmesaglw1 in Mageia 2!
Comment 12 David Walser 2012-09-07 14:46:20 CEST
Ahh, well it's not in core, so it should have been deleted from tainted before the release.
Comment 13 Dave Hodgins 2012-09-09 21:32:37 CEST
Testing complete on Mageia 2 x86-64.

Just testing that speed-dreams works.
Comment 14 Dave Hodgins 2012-09-09 22:16:44 CEST
Testing complete on Mageia 2 i586.

Could someone from the sysadmin team push the srpm
mesa-8.0.4-2.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
mesa-8.0.4-2.1.mga2.tainted.src.rpm
from Tainted Updates Testing to Tainted Updates.

Advisory: Updated mesa packages fix security vulnerability:

The glsl shaders are vulnerable to a buffer overrun in
parcel_out_uniform_storage::visit_field.  When too many uniforms are used,
the error will now be caught in check_resources (src/glsl/linker.cpp)
(CVE-2012-2864).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864
http://lists.opensuse.org/opensuse-updates/2012-09/msg00036.html

https://bugs.mageia.org/show_bug.cgi?id=7381
Comment 15 David Walser 2012-09-09 23:51:43 CEST
Addendum to the advisory:

Additionally, Mesa has been updated to 8.0.4, fixing several bugs.

References:
http://mesa3d.org/relnotes-8.0.3.html
http://cgit.freedesktop.org/mesa/mesa/plain/docs/relnotes-8.0.4.html
Comment 16 Thomas Backlund 2012-09-10 19:47:08 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264
Comment 17 AL13N 2012-09-10 21:49:53 CEST
i'm afraid that lib64mesagl1 seems to require lib64txc-dxtn (only 64bit does that for some weird reason)

this breaks updates...
Comment 18 David Walser 2012-09-10 21:52:44 CEST
Would this be the core or tainted version?

I guess that means it will require linking.
Comment 19 claire robinson 2012-09-10 21:54:18 CEST
Problems reported with updates to tainted, adding bug 2317 to depends and running through depcheck
Comment 20 claire robinson 2012-09-10 21:55:28 CEST
Sorry, didn't mean to close it
Comment 21 claire robinson 2012-09-10 22:09:49 CEST
The problems seem to stem from an update from Tainted Release to Tainted Updates.

Heres the list..

glibc-devel-2.14.1-8.mga2 (Core 32bit Release)
glibc-devel-2.14.1-8.mga2 (Core Release)
lib64drm-devel-2.4.33-1.mga2 (Core Release)
lib64ffi5-devel-3.0.10-1.mga2 (Core Release)
lib64kms1-2.4.33-1.mga2 (Core Release)
lib64pciaccess-devel-0.13-1.mga2 (Core Release)
lib64uClibc-devel-0.9.30.3-2.mga1 (Core Release)
lib64udev0-devel-181-8.mga2 (Core Release)
lib64wayland-client0-0.85.0-4.mga2 (Core Release)
lib64wayland-devel-0.85.0-4.mga2 (Core Release)
lib64wayland-server0-0.85.0-4.mga2 (Core Release)
lib64x11_6-devel-1.4.99.1-4.mga2 (Core Release)
lib64xau6-devel-1.0.7-1.mga2 (Core Release)
lib64xcb-composite0-1.8.1-1.mga2 (Core Release)
lib64xcb-damage0-1.8.1-1.mga2 (Core Release)
lib64xcb-devel-1.8.1-1.mga2 (Core Release)
lib64xcb-dpms0-1.8.1-1.mga2 (Core Release)
lib64xcb-randr0-1.8.1-1.mga2 (Core Release)
lib64xcb-record0-1.8.1-1.mga2 (Core Release)
lib64xcb-render0-1.8.1-1.mga2 (Core Release)
lib64xcb-res0-1.8.1-1.mga2 (Core Release)
lib64xcb-screensaver0-1.8.1-1.mga2 (Core Release)
lib64xcb-shape0-1.8.1-1.mga2 (Core Release)
lib64xcb-shm0-1.8.1-1.mga2 (Core Release)
lib64xcb-sync0-1.8.1-1.mga2 (Core Release)
lib64xcb-xevie0-1.8.1-1.mga2 (Core Release)
lib64xcb-xf86dri0-1.8.1-1.mga2 (Core Release)
lib64xcb-xfixes0-1.8.1-1.mga2 (Core Release)
lib64xcb-xinerama0-1.8.1-1.mga2 (Core Release)
lib64xcb-xprint0-1.8.1-1.mga2 (Core Release)
lib64xcb-xtest0-1.8.1-1.mga2 (Core Release)
lib64xcb-xv0-1.8.1-1.mga2 (Core Release)
lib64xcb-xvmc0-1.8.1-1.mga2 (Core Release)
lib64xdmcp6-devel-1.1.1-1.mga2 (Core Release)
libpthread-stubs-0.3-1.mga1 (Core 32bit Release)
libpthread-stubs-0.3-1.mga1 (Core Release)
x11-proto-devel-7.6-17.mga2 (Core 32bit Release)
x11-proto-devel-7.6-17.mga2 (Core Release)
Comment 22 David Walser 2012-09-10 22:37:15 CEST
(In reply to comment #21)
> Heres the list..

I don't see lib64txc-dxtn in that list...
Comment 23 Thomas Backlund 2012-09-10 22:39:41 CEST
(In reply to comment #22)
> (In reply to comment #21)
> > Heres the list..
> 
> I don't see lib64txc-dxtn in that list...

That's because I already linked it when it was reported on IRC
Comment 24 Anderson Carvalho 2012-09-10 22:41:08 CEST
How do I reproduce this problem. Here I upgraded by tainted updates repository normally.
Comment 25 Thomas Backlund 2012-09-10 22:53:19 CEST
(In reply to comment #24)
> How do I reproduce this problem. Here I upgraded by tainted updates repository
> normally.

did you use urpmi ?

this problem only shows up with the update applet.


Anyway, packages linked...
Comment 26 Anderson Carvalho 2012-09-10 23:02:38 CEST
Ok. I updated by drakrpm-update ...

Note You need to log in before you can comment on or make changes to this bug.