/[advisories]/10565.adv
ViewVC logotype

Contents of /10565.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 98 - (show annotations) (download)
Wed Jun 26 18:17:19 2013 UTC (4 years, 3 months ago) by boklm
File size: 3651 byte(s)
MGASA-2013-0186
1 type: security
2 subject: Updated X.org packages fix multiple security vulnerabilities
3 CVE:
4 - CVE-2013-1872
5 - CVE-2013-1981
6 - CVE-2013-1982
7 - CVE-2013-1983
8 - CVE-2013-1984
9 - CVE-2013-1985
10 - CVE-2013-1986
11 - CVE-2013-1987
12 - CVE-2013-1988
13 - CVE-2013-1989
14 - CVE-2013-1990
15 - CVE-2013-1991
16 - CVE-2013-1992
17 - CVE-2013-1993
18 - CVE-2013-1994
19 - CVE-2013-1995
20 - CVE-2013-1996
21 - CVE-2013-1997
22 - CVE-2013-1998
23 - CVE-2013-1999
24 - CVE-2013-2000
25 - CVE-2013-2001
26 - CVE-2013-2002
27 - CVE-2013-2003
28 - CVE-2013-2004
29 - CVE-2013-2005
30 - CVE-2013-2062
31 - CVE-2013-2063
32 - CVE-2013-2064
33 - CVE-2013-2066
34 src:
35 3:
36 core:
37 - libdmx-1.1.3-1.mga3
38 - libfs-1.0.5-1.mga3
39 - libx11-1.5.99.902-1.mga3
40 - libxcb-1.9.1-1.mga3
41 - libxcursor-1.1.14-1.mga3
42 - libxext-1.3.2-1.mga3
43 - libxfixes-5.0.1-1.mga3
44 - libxi-1.6.2.901-1.mga3
45 - libxinerama-1.1.3-1.mga3
46 - libxp-1.0.2-1.mga3
47 - libxrandr-1.4.1-1.mga3
48 - libxrender-0.9.8-1.mga3
49 - libxres-1.0.7-1.mga3
50 - libxt-1.1.4-1.mga3
51 - libxtst-1.2.2-1.mga3
52 - libxv-1.0.8-1.mga3
53 - libxvmc-1.0.8-1.mga3
54 - libxxf86dga-1.1.4-1.mga3
55 - libxxf86vm-1.1.3-1.mga3
56 - mesa-9.1.3-1.1.mga3
57 - x11-driver-video-openchrome-0.3.3-1.mga3
58 tainted:
59 - mesa-9.1.3-1.1.mga3.tainted
60 description: |
61 Ilja van Sprundel of IOActive discovered several security issues in multiple
62 components of the X.org graphics stack and the related libraries: Various
63 integer overflows, sign handling errors in integer conversions, buffer
64 overflows, memory corruption and missing input sanitising may lead to
65 privilege escalation or denial of service (CVE-2013-1981, CVE-2013-1982,
66 CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987,
67 CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992,
68 CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997,
69 CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002,
70 CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063,
71 CVE-2013-2064, CVE-2013-2066).
72
73 An out-of-bounds access flaw was found in Mesa. If an application using
74 Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does
75 this), an attacker could cause the application to crash or, potentially,
76 execute arbitrary code with the privileges of the user running the
77 application (CVE-2013-1872).
78 references:
79 - http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
80 - https://rhn.redhat.com/errata/RHSA-2013-0897.html
81 - http://www.debian.org/security/2013/dsa-2673
82 - http://www.debian.org/security/2013/dsa-2674
83 - http://www.debian.org/security/2013/dsa-2675
84 - http://www.debian.org/security/2013/dsa-2676
85 - http://www.debian.org/security/2013/dsa-2677
86 - http://www.debian.org/security/2013/dsa-2678
87 - http://www.debian.org/security/2013/dsa-2679
88 - http://www.debian.org/security/2013/dsa-2680
89 - http://www.debian.org/security/2013/dsa-2681
90 - http://www.debian.org/security/2013/dsa-2682
91 - http://www.debian.org/security/2013/dsa-2683
92 - http://www.debian.org/security/2013/dsa-2684
93 - http://www.debian.org/security/2013/dsa-2685
94 - http://www.debian.org/security/2013/dsa-2686
95 - http://www.debian.org/security/2013/dsa-2687
96 - http://www.debian.org/security/2013/dsa-2688
97 - http://www.debian.org/security/2013/dsa-2689
98 - http://www.debian.org/security/2013/dsa-2690
99 - http://www.debian.org/security/2013/dsa-2691
100 - http://www.debian.org/security/2013/dsa-2692
101 - http://www.debian.org/security/2013/dsa-2693
102 - https://bugs.mageia.org/show_bug.cgi?id=10565
103 ID: MGASA-2013-0186

  ViewVC Help
Powered by ViewVC 1.1.26