1 |
claire |
68 |
type: security |
2 |
|
|
subject: Updated X.org packages fix multiple security vulnerabilities |
3 |
|
|
CVE: |
4 |
|
|
- CVE-2013-1872 |
5 |
|
|
- CVE-2013-1981 |
6 |
|
|
- CVE-2013-1982 |
7 |
|
|
- CVE-2013-1983 |
8 |
|
|
- CVE-2013-1984 |
9 |
|
|
- CVE-2013-1985 |
10 |
|
|
- CVE-2013-1986 |
11 |
|
|
- CVE-2013-1987 |
12 |
|
|
- CVE-2013-1988 |
13 |
|
|
- CVE-2013-1989 |
14 |
|
|
- CVE-2013-1990 |
15 |
|
|
- CVE-2013-1991 |
16 |
|
|
- CVE-2013-1992 |
17 |
|
|
- CVE-2013-1993 |
18 |
|
|
- CVE-2013-1994 |
19 |
|
|
- CVE-2013-1995 |
20 |
|
|
- CVE-2013-1996 |
21 |
|
|
- CVE-2013-1997 |
22 |
|
|
- CVE-2013-1998 |
23 |
|
|
- CVE-2013-1999 |
24 |
|
|
- CVE-2013-2000 |
25 |
|
|
- CVE-2013-2001 |
26 |
|
|
- CVE-2013-2002 |
27 |
|
|
- CVE-2013-2003 |
28 |
|
|
- CVE-2013-2004 |
29 |
|
|
- CVE-2013-2005 |
30 |
|
|
- CVE-2013-2062 |
31 |
|
|
- CVE-2013-2063 |
32 |
|
|
- CVE-2013-2064 |
33 |
|
|
- CVE-2013-2066 |
34 |
|
|
src: |
35 |
|
|
3: |
36 |
|
|
core: |
37 |
|
|
- libdmx-1.1.3-1.mga3 |
38 |
|
|
- libfs-1.0.5-1.mga3 |
39 |
|
|
- libx11-1.5.99.902-1.mga3 |
40 |
|
|
- libxcb-1.9.1-1.mga3 |
41 |
|
|
- libxcursor-1.1.14-1.mga3 |
42 |
|
|
- libxext-1.3.2-1.mga3 |
43 |
|
|
- libxfixes-5.0.1-1.mga3 |
44 |
|
|
- libxi-1.6.2.901-1.mga3 |
45 |
|
|
- libxinerama-1.1.3-1.mga3 |
46 |
|
|
- libxp-1.0.2-1.mga3 |
47 |
|
|
- libxrandr-1.4.1-1.mga3 |
48 |
|
|
- libxrender-0.9.8-1.mga3 |
49 |
|
|
- libxres-1.0.7-1.mga3 |
50 |
|
|
- libxt-1.1.4-1.mga3 |
51 |
|
|
- libxtst-1.2.2-1.mga3 |
52 |
|
|
- libxv-1.0.8-1.mga3 |
53 |
|
|
- libxvmc-1.0.8-1.mga3 |
54 |
|
|
- libxxf86dga-1.1.4-1.mga3 |
55 |
|
|
- libxxf86vm-1.1.3-1.mga3 |
56 |
|
|
- mesa-9.1.3-1.1.mga3 |
57 |
|
|
- x11-driver-video-openchrome-0.3.3-1.mga3 |
58 |
|
|
tainted: |
59 |
|
|
- libdmx-1.1.3-1.mga3.tainted |
60 |
|
|
- libfs-1.0.5-1.mga3.tainted |
61 |
|
|
- libx11-1.5.99.902-1.mga3.tainted |
62 |
|
|
- libxcb-1.9.1-1.mga3.tainted |
63 |
|
|
- libxcursor-1.1.14-1.mga3.tainted |
64 |
|
|
- libxext-1.3.2-1.mga3.tainted |
65 |
|
|
- libxfixes-5.0.1-1.mga3.tainted |
66 |
|
|
- libxi-1.6.2.901-1.mga3.tainted |
67 |
|
|
- libxinerama-1.1.3-1.mga3.tainted |
68 |
|
|
- libxp-1.0.2-1.mga3.tainted |
69 |
|
|
- libxrandr-1.4.1-1.mga3.tainted |
70 |
|
|
- libxrender-0.9.8-1.mga3.tainted |
71 |
|
|
- libxres-1.0.7-1.mga3.tainted |
72 |
|
|
- libxt-1.1.4-1.mga3.tainted |
73 |
|
|
- libxtst-1.2.2-1.mga3.tainted |
74 |
|
|
- libxv-1.0.8-1.mga3.tainted |
75 |
|
|
- libxvmc-1.0.8-1.mga3.tainted |
76 |
|
|
- libxxf86dga-1.1.4-1.mga3.tainted |
77 |
|
|
- libxxf86vm-1.1.3-1.mga3.tainted |
78 |
|
|
- mesa-9.1.3-1.1.mga3.tainted |
79 |
|
|
- x11-driver-video-openchrome-0.3.3-1.mga3.tainted |
80 |
|
|
description: | |
81 |
|
|
Ilja van Sprundel of IOActive discovered several security issues in multiple |
82 |
|
|
components of the X.org graphics stack and the related libraries: Various |
83 |
|
|
integer overflows, sign handling errors in integer conversions, buffer |
84 |
|
|
overflows, memory corruption and missing input sanitising may lead to |
85 |
|
|
privilege escalation or denial of service (CVE-2013-1981, CVE-2013-1982, |
86 |
|
|
CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, |
87 |
|
|
CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, |
88 |
|
|
CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997, |
89 |
|
|
CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, |
90 |
|
|
CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063, |
91 |
|
|
CVE-2013-2064, CVE-2013-2066). |
92 |
|
|
|
93 |
|
|
An out-of-bounds access flaw was found in Mesa. If an application using |
94 |
|
|
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does |
95 |
|
|
this), an attacker could cause the application to crash or, potentially, |
96 |
|
|
execute arbitrary code with the privileges of the user running the |
97 |
|
|
application (CVE-2013-1872). |
98 |
|
|
references: |
99 |
|
|
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 |
100 |
|
|
- https://rhn.redhat.com/errata/RHSA-2013-0897.html |
101 |
|
|
- http://www.debian.org/security/2013/dsa-2673 |
102 |
|
|
- http://www.debian.org/security/2013/dsa-2674 |
103 |
|
|
- http://www.debian.org/security/2013/dsa-2675 |
104 |
|
|
- http://www.debian.org/security/2013/dsa-2676 |
105 |
|
|
- http://www.debian.org/security/2013/dsa-2677 |
106 |
|
|
- http://www.debian.org/security/2013/dsa-2678 |
107 |
|
|
- http://www.debian.org/security/2013/dsa-2679 |
108 |
|
|
- http://www.debian.org/security/2013/dsa-2680 |
109 |
|
|
- http://www.debian.org/security/2013/dsa-2681 |
110 |
|
|
- http://www.debian.org/security/2013/dsa-2682 |
111 |
|
|
- http://www.debian.org/security/2013/dsa-2683 |
112 |
|
|
- http://www.debian.org/security/2013/dsa-2684 |
113 |
|
|
- http://www.debian.org/security/2013/dsa-2685 |
114 |
|
|
- http://www.debian.org/security/2013/dsa-2686 |
115 |
|
|
- http://www.debian.org/security/2013/dsa-2687 |
116 |
|
|
- http://www.debian.org/security/2013/dsa-2688 |
117 |
|
|
- http://www.debian.org/security/2013/dsa-2689 |
118 |
|
|
- http://www.debian.org/security/2013/dsa-2690 |
119 |
|
|
- http://www.debian.org/security/2013/dsa-2691 |
120 |
|
|
- http://www.debian.org/security/2013/dsa-2692 |
121 |
|
|
- http://www.debian.org/security/2013/dsa-2693 |
122 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10565 |