Bug 7920 - mesa new security issue CVE-2012-5129 (plus 8.0.5 update)
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: All Linux
Priority: Normal Severity: major
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/549579/
Whiteboard: has_procedure mga2-32-ok mga2-64-OK
Keywords: validated_update
Reported: 2012-10-28 21:21 CET by Hans Micheelsen
Modified: 2013-05-09 20:43 CEST (History)
Source RPM: mesa-8.0.5-1.mga2.src.rpm mesa-8.0.5-1.mga2.tainted.src.rpm

Description Hans Micheelsen 2012-10-28 21:21:49 CET
Description of problem:
Mesa 8.0.5 is a bug fix release which fixes bugs found since the 8.0.4 release.
It was released on October 24. Please update both Core and Tainted.

Version-Release number of selected component (if applicable):
8.0.4 -> 8.0.5


Btw: In "rpm -q --info mesa" the description says that mesa is OpenGL 2.1 compatible. It should be changed to OpenGL 3.0 compatible.
Comment 1 Thierry Vignaud 2012-10-29 21:53:39 CET
I was wondering how much time would pass before someone asks this :-)
Comment 2 Hans Micheelsen 2012-10-29 23:47:11 CET
Sorry, I did hesitate one day after I saw the release note. Next time I'll be more swift.

How about 9.0.0 (or 9.0.1) in backports?
Comment 3 Thomas Backlund 2012-10-30 00:03:06 CET
(In reply to comment #2)

> How about 9.0.0 (or 9.0.1) in backports?

Nope. It won't happen... it is way too much of a core package to be allowed...

But Mga3 will have mesa 9.0+ along with other fun stuff..
Comment 4 Simon Putt 2012-11-29 15:54:05 CET
Any news on whether 8.0.5 will happen? It has quite a few bug fixes.

Many thanks.
Comment 5 Thierry Vignaud 2012-11-29 20:54:11 CET
Anybody can do it...
Comment 6 Thierry Vignaud 2012-11-29 21:21:32 CET
upload in progress
Comment 7 Remco Rijnders 2012-11-29 21:41:02 CET
Thanks tv for uploading this. Please assign to qa-bugs when it is ready :-)

Changelog: http://www.mesa3d.org/relnotes-8.0.5.html
Comment 8 Simon Putt 2012-11-30 20:33:23 CET
Thanks for the upload :), testing now
Comment 9 Hans Micheelsen 2012-11-30 22:41:32 CET
I've done some (pseudo) testing with Flightgear, gl-117 and glxgears. I know this is not a real test, just an indication, but those three applications work without problems - with ATI R7770.
Comment 10 Simon Putt 2012-12-01 18:36:52 CET
Been testing with OpenArena, Sauerbraten, PrBoom-plus and Yamagi Quake2: no regressions or slowdowns, using OSS Radeon drivers on an AMD HD6770. Also no bugs/regressions in Gnome-shell (though it seems a little less laggy).

Graphics:  Card: ATI Juniper XT [AMD Radeon HD 6000 Series] X.Org: 1.11.4 driver: radeon Resolution: 2048x1152@59.9hz 
           GLX Renderer: Gallium 0.4 on AMD JUNIPER GLX Version: 2.1 Mesa 8.0.5
Comment 11 Thomas Backlund 2012-12-06 13:34:53 CET
We'll hold off on this for now, as there is a security issue that should go out at the same time, but the fix is not validated upstream yet:

http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg29015.html
Comment 12 Hans Micheelsen 2013-02-19 16:58:03 CET
Any news?
Comment 13 Simon Putt 2013-02-19 17:25:42 CET
When I was still on mga2, I did not have any issues with this; played many OpenGL games and no issues with gnome-shell.
Comment 14 Hans Micheelsen 2013-02-19 17:41:50 CET
Seems to be stalled at mesa. Got this from mesa-dev mailing list:

>>snip snip>>

On Sat, Dec 15, 2012 at 7:02 AM, Stéphane Marchesin
<stephane.marche...@gmail.com> wrote:
> On Fri, Dec 14, 2012 at 12:52 PM, Frank Henigman <fjhenig...@google.com> 
> wrote:
>> No piglet regressions and now passes glsl-uniform-out-of-bounds-2.
>>
>>
Should this have gone into the stable 9.0 branch?

<<snip snip<<
Comment 15 David Walser 2013-05-07 19:23:37 CEST
The patch Thomas linked in Comment 11 is now upstream:
http://cgit.freedesktop.org/mesa/mesa/commit/src/mesa/main/uniform_query.cpp?id=46e3aeb07702f57d389fbfcade9d4ef66218dc53

It made it into the mesa version we have in Cauldron, but not in 8.0.5.

It was also assigned CVE-2012-5129.

Ubuntu has issued an advisory for this today (May 7):
http://www.ubuntu.com/usn/usn-1818-1/

Patched package uploaded for Mageia 2.

Note to QA: since our last update (8.0.4 + a security patch), tv updated this to 8.0.5.  He also forgot to reset the release tag (and remove the subrel), so I had to get it removed from updates_testing.  If you installed packages from mesa-8.0.5-2.1.mga2.src.rpm, you'll need to remove them to test this update.

Advisory:
========================

Updated mesa packages fix security vulnerability:

It was discovered that Mesa incorrectly handled certain arrays. An attacker
could use this issue to cause Mesa to crash, resulting in a denial of
service, or possibly execute arbitrary code (CVE-2012-5129).

Mesa has also been updated to version 8.0.5, fixing several bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5129
http://mesa3d.org/relnotes/8.0.5.html
http://www.ubuntu.com/usn/usn-1818-1/
========================

Updated packages in {core,tainted}/updates_testing:
========================
mesa-8.0.5-1.mga2
libmesagl1-8.0.5-1.mga2
libdri-drivers-8.0.5-1.mga2
libmesagl1-devel-8.0.5-1.mga2
libmesaglu1-8.0.5-1.mga2
libmesaglu1-devel-8.0.5-1.mga2
libmesaegl1-8.0.5-1.mga2
libmesaegl1-devel-8.0.5-1.mga2
libglapi0-8.0.5-1.mga2
libglapi0-devel-8.0.5-1.mga2
libmesaglesv1_1-8.0.5-1.mga2
libmesaglesv1_1-devel-8.0.5-1.mga2
libmesaglesv2_2-8.0.5-1.mga2
libmesaglesv2_2-devel-8.0.5-1.mga2
libmesaopenvg1-8.0.5-1.mga2
libmesaopenvg1-devel-8.0.5-1.mga2
libgbm1-8.0.5-1.mga2
libgbm1-devel-8.0.5-1.mga2
libwayland-egl1-8.0.5-1.mga2
libwayland-egl1-devel-8.0.5-1.mga2
mesa-common-devel-8.0.5-1.mga2

from mesa-8.0.5-1.mga2.src.rpm
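
The note to QA in the comment above, turned into a check, as an added example that is not part of the original comment or of Mageia's tooling: it classifies installed Mesa packages as the fixed release (8.0.5-1.mga2), the withdrawn testing build (8.0.5-2.1.mga2, whose higher release tag means RPM will not replace it with 8.0.5-1), or anything else. The function names, the sample package list and the lib64 name patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit installed Mesa packages against the releases named
# in the advisory. Function names and sample data are hypothetical.

FIXED="8.0.5-1.mga2"        # release shipped by this update
WITHDRAWN="8.0.5-2.1.mga2"  # testing build pulled from updates_testing

# Reads "name version-release" lines on stdin, as produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# and prints "<status> <name> <version-release>" for Mesa packages only.
classify_mesa() {
    while read -r name vr; do
        case "$name" in
            # Names from the advisory's package list; lib* also covers
            # the lib64 variants used on x86_64 (assumption).
            mesa|mesa-common-devel|lib*mesa*|lib*dri-drivers) ;;
            lib*glapi0*|lib*gbm1*|lib*wayland-egl1*) ;;
            *) continue ;;
        esac
        case "$vr" in
            "$FIXED")     echo "ok $name $vr" ;;
            "$WITHDRAWN") echo "withdrawn $name $vr" ;;
            *)            echo "other $name $vr" ;;
        esac
    done
}

# Succeeds (exit 0) if any package from the withdrawn build is present,
# meaning it has to be removed by hand before the update can be tested.
has_withdrawn() {
    classify_mesa | grep '^withdrawn ' >/dev/null
}

# Constructed sample input (not taken from a real system); the 8.0.4 and
# bash release strings are made up.
SAMPLE_RPM_LIST='mesa 8.0.5-1.mga2
libmesagl1 8.0.5-2.1.mga2
libdri-drivers 8.0.4-1.1.mga2
bash 4.2-10.mga2'

printf '%s\n' "$SAMPLE_RPM_LIST" | classify_mesa
```

On a real Mageia 2 system, pipe the `rpm -qa --qf` command shown in the comment into `classify_mesa` instead of the sample list.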
Comment 16 claire robinson 2013-05-08 20:07:48 CEST
No public PoC.

Testing can be done with demos from the mesa-demos package.

Run various commands from 'urpmf mesa-demos | grep bin'

The tainted version of mesa adds support for S3 texture compression, which can be tested with 'glxinfo | grep s3tc'.
Comment 17 claire robinson 2013-05-08 20:09:34 CEST
Again, there are two separate srpms

mesa-8.0.5-1.mga2.src.rpm 
mesa-8.0.5-1.mga2.tainted.src.rpm
Comment 18 claire robinson 2013-05-09 17:53:28 CEST
Testing complete mga2 32 & 64

Various mesa-demos commands plus flightgear & asteroids3D on core and tainted versions

Validating

Advisory:
========================

Updated mesa packages fix security vulnerability:

It was discovered that Mesa incorrectly handled certain arrays. An attacker
could use this issue to cause Mesa to crash, resulting in a denial of
service, or possibly execute arbitrary code (CVE-2012-5129).

Mesa has also been updated to version 8.0.5, fixing several bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5129
http://mesa3d.org/relnotes/8.0.5.html
http://www.ubuntu.com/usn/usn-1818-1/
========================

SRPMs:
mesa-8.0.5-1.mga2.src.rpm 
mesa-8.0.5-1.mga2.tainted.src.rpm

Could sysadmin please push from core & tainted updates testing to core & tainted updates.

Thanks!
Comment 19 Thomas Backlund 2013-05-09 20:43:13 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0143
