/[advisories]/10565.adv
ViewVC logotype

Contents of /10565.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 68 - (show annotations) (download)
Tue Jun 25 07:13:31 2013 UTC (8 years, 5 months ago) by claire
File size: 4389 byte(s)
Adding advisory for 3 X.org update bug 10565
1 type: security
2 subject: Updated X.org packages fix multiple security vulnerabilities
3 CVE:
4 - CVE-2013-1872
5 - CVE-2013-1981
6 - CVE-2013-1982
7 - CVE-2013-1983
8 - CVE-2013-1984
9 - CVE-2013-1985
10 - CVE-2013-1986
11 - CVE-2013-1987
12 - CVE-2013-1988
13 - CVE-2013-1989
14 - CVE-2013-1990
15 - CVE-2013-1991
16 - CVE-2013-1992
17 - CVE-2013-1993
18 - CVE-2013-1994
19 - CVE-2013-1995
20 - CVE-2013-1996
21 - CVE-2013-1997
22 - CVE-2013-1998
23 - CVE-2013-1999
24 - CVE-2013-2000
25 - CVE-2013-2001
26 - CVE-2013-2002
27 - CVE-2013-2003
28 - CVE-2013-2004
29 - CVE-2013-2005
30 - CVE-2013-2062
31 - CVE-2013-2063
32 - CVE-2013-2064
33 - CVE-2013-2066
34 src:
35 3:
36 core:
37 - libdmx-1.1.3-1.mga3
38 - libfs-1.0.5-1.mga3
39 - libx11-1.5.99.902-1.mga3
40 - libxcb-1.9.1-1.mga3
41 - libxcursor-1.1.14-1.mga3
42 - libxext-1.3.2-1.mga3
43 - libxfixes-5.0.1-1.mga3
44 - libxi-1.6.2.901-1.mga3
45 - libxinerama-1.1.3-1.mga3
46 - libxp-1.0.2-1.mga3
47 - libxrandr-1.4.1-1.mga3
48 - libxrender-0.9.8-1.mga3
49 - libxres-1.0.7-1.mga3
50 - libxt-1.1.4-1.mga3
51 - libxtst-1.2.2-1.mga3
52 - libxv-1.0.8-1.mga3
53 - libxvmc-1.0.8-1.mga3
54 - libxxf86dga-1.1.4-1.mga3
55 - libxxf86vm-1.1.3-1.mga3
56 - mesa-9.1.3-1.1.mga3
57 - x11-driver-video-openchrome-0.3.3-1.mga3
58 tainted:
59 - libdmx-1.1.3-1.mga3.tainted
60 - libfs-1.0.5-1.mga3.tainted
61 - libx11-1.5.99.902-1.mga3.tainted
62 - libxcb-1.9.1-1.mga3.tainted
63 - libxcursor-1.1.14-1.mga3.tainted
64 - libxext-1.3.2-1.mga3.tainted
65 - libxfixes-5.0.1-1.mga3.tainted
66 - libxi-1.6.2.901-1.mga3.tainted
67 - libxinerama-1.1.3-1.mga3.tainted
68 - libxp-1.0.2-1.mga3.tainted
69 - libxrandr-1.4.1-1.mga3.tainted
70 - libxrender-0.9.8-1.mga3.tainted
71 - libxres-1.0.7-1.mga3.tainted
72 - libxt-1.1.4-1.mga3.tainted
73 - libxtst-1.2.2-1.mga3.tainted
74 - libxv-1.0.8-1.mga3.tainted
75 - libxvmc-1.0.8-1.mga3.tainted
76 - libxxf86dga-1.1.4-1.mga3.tainted
77 - libxxf86vm-1.1.3-1.mga3.tainted
78 - mesa-9.1.3-1.1.mga3.tainted
79 - x11-driver-video-openchrome-0.3.3-1.mga3.tainted
80 description: |
81 Ilja van Sprundel of IOActive discovered several security issues in multiple
82 components of the X.org graphics stack and the related libraries: Various
83 integer overflows, sign handling errors in integer conversions, buffer
84 overflows, memory corruption and missing input sanitising may lead to
85 privilege escalation or denial of service (CVE-2013-1981, CVE-2013-1982,
86 CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987,
87 CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992,
88 CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997,
89 CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002,
90 CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063,
91 CVE-2013-2064, CVE-2013-2066).
92
93 An out-of-bounds access flaw was found in Mesa. If an application using
94 Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does
95 this), an attacker could cause the application to crash or, potentially,
96 execute arbitrary code with the privileges of the user running the
97 application (CVE-2013-1872).
98 references:
99 - http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
100 - https://rhn.redhat.com/errata/RHSA-2013-0897.html
101 - http://www.debian.org/security/2013/dsa-2673
102 - http://www.debian.org/security/2013/dsa-2674
103 - http://www.debian.org/security/2013/dsa-2675
104 - http://www.debian.org/security/2013/dsa-2676
105 - http://www.debian.org/security/2013/dsa-2677
106 - http://www.debian.org/security/2013/dsa-2678
107 - http://www.debian.org/security/2013/dsa-2679
108 - http://www.debian.org/security/2013/dsa-2680
109 - http://www.debian.org/security/2013/dsa-2681
110 - http://www.debian.org/security/2013/dsa-2682
111 - http://www.debian.org/security/2013/dsa-2683
112 - http://www.debian.org/security/2013/dsa-2684
113 - http://www.debian.org/security/2013/dsa-2685
114 - http://www.debian.org/security/2013/dsa-2686
115 - http://www.debian.org/security/2013/dsa-2687
116 - http://www.debian.org/security/2013/dsa-2688
117 - http://www.debian.org/security/2013/dsa-2689
118 - http://www.debian.org/security/2013/dsa-2690
119 - http://www.debian.org/security/2013/dsa-2691
120 - http://www.debian.org/security/2013/dsa-2692
121 - http://www.debian.org/security/2013/dsa-2693
122 - https://bugs.mageia.org/show_bug.cgi?id=10565

  ViewVC Help
Powered by ViewVC 1.1.28