| 1 |
type: security |
| 2 |
subject: Updated X.org packages fix multiple security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2013-1872 |
| 5 |
- CVE-2013-1981 |
| 6 |
- CVE-2013-1982 |
| 7 |
- CVE-2013-1983 |
| 8 |
- CVE-2013-1984 |
| 9 |
- CVE-2013-1985 |
| 10 |
- CVE-2013-1986 |
| 11 |
- CVE-2013-1987 |
| 12 |
- CVE-2013-1988 |
| 13 |
- CVE-2013-1989 |
| 14 |
- CVE-2013-1990 |
| 15 |
- CVE-2013-1991 |
| 16 |
- CVE-2013-1992 |
| 17 |
- CVE-2013-1993 |
| 18 |
- CVE-2013-1994 |
| 19 |
- CVE-2013-1995 |
| 20 |
- CVE-2013-1996 |
| 21 |
- CVE-2013-1997 |
| 22 |
- CVE-2013-1998 |
| 23 |
- CVE-2013-1999 |
| 24 |
- CVE-2013-2000 |
| 25 |
- CVE-2013-2001 |
| 26 |
- CVE-2013-2002 |
| 27 |
- CVE-2013-2003 |
| 28 |
- CVE-2013-2004 |
| 29 |
- CVE-2013-2005 |
| 30 |
- CVE-2013-2062 |
| 31 |
- CVE-2013-2063 |
| 32 |
- CVE-2013-2064 |
| 33 |
- CVE-2013-2066 |
| 34 |
src: |
| 35 |
3: |
| 36 |
core: |
| 37 |
- libdmx-1.1.3-1.mga3 |
| 38 |
- libfs-1.0.5-1.mga3 |
| 39 |
- libx11-1.5.99.902-1.mga3 |
| 40 |
- libxcb-1.9.1-1.mga3 |
| 41 |
- libxcursor-1.1.14-1.mga3 |
| 42 |
- libxext-1.3.2-1.mga3 |
| 43 |
- libxfixes-5.0.1-1.mga3 |
| 44 |
- libxi-1.6.2.901-1.mga3 |
| 45 |
- libxinerama-1.1.3-1.mga3 |
| 46 |
- libxp-1.0.2-1.mga3 |
| 47 |
- libxrandr-1.4.1-1.mga3 |
| 48 |
- libxrender-0.9.8-1.mga3 |
| 49 |
- libxres-1.0.7-1.mga3 |
| 50 |
- libxt-1.1.4-1.mga3 |
| 51 |
- libxtst-1.2.2-1.mga3 |
| 52 |
- libxv-1.0.8-1.mga3 |
| 53 |
- libxvmc-1.0.8-1.mga3 |
| 54 |
- libxxf86dga-1.1.4-1.mga3 |
| 55 |
- libxxf86vm-1.1.3-1.mga3 |
| 56 |
- mesa-9.1.3-1.1.mga3 |
| 57 |
- x11-driver-video-openchrome-0.3.3-1.mga3 |
| 58 |
tainted: |
| 59 |
- libdmx-1.1.3-1.mga3.tainted |
| 60 |
- libfs-1.0.5-1.mga3.tainted |
| 61 |
- libx11-1.5.99.902-1.mga3.tainted |
| 62 |
- libxcb-1.9.1-1.mga3.tainted |
| 63 |
- libxcursor-1.1.14-1.mga3.tainted |
| 64 |
- libxext-1.3.2-1.mga3.tainted |
| 65 |
- libxfixes-5.0.1-1.mga3.tainted |
| 66 |
- libxi-1.6.2.901-1.mga3.tainted |
| 67 |
- libxinerama-1.1.3-1.mga3.tainted |
| 68 |
- libxp-1.0.2-1.mga3.tainted |
| 69 |
- libxrandr-1.4.1-1.mga3.tainted |
| 70 |
- libxrender-0.9.8-1.mga3.tainted |
| 71 |
- libxres-1.0.7-1.mga3.tainted |
| 72 |
- libxt-1.1.4-1.mga3.tainted |
| 73 |
- libxtst-1.2.2-1.mga3.tainted |
| 74 |
- libxv-1.0.8-1.mga3.tainted |
| 75 |
- libxvmc-1.0.8-1.mga3.tainted |
| 76 |
- libxxf86dga-1.1.4-1.mga3.tainted |
| 77 |
- libxxf86vm-1.1.3-1.mga3.tainted |
| 78 |
- mesa-9.1.3-1.1.mga3.tainted |
| 79 |
- x11-driver-video-openchrome-0.3.3-1.mga3.tainted |
| 80 |
description: | |
| 81 |
Ilja van Sprundel of IOActive discovered several security issues in multiple |
| 82 |
components of the X.org graphics stack and the related libraries: Various |
| 83 |
integer overflows, sign handling errors in integer conversions, buffer |
| 84 |
overflows, memory corruption and missing input sanitising may lead to |
| 85 |
privilege escalation or denial of service (CVE-2013-1981, CVE-2013-1982, |
| 86 |
CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, |
| 87 |
CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, |
| 88 |
CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997, |
| 89 |
CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, |
| 90 |
CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063, |
| 91 |
CVE-2013-2064, CVE-2013-2066). |
| 92 |
|
| 93 |
An out-of-bounds access flaw was found in Mesa. If an application using |
| 94 |
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does |
| 95 |
this), an attacker could cause the application to crash or, potentially, |
| 96 |
execute arbitrary code with the privileges of the user running the |
| 97 |
application (CVE-2013-1872). |
| 98 |
references: |
| 99 |
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 |
| 100 |
- https://rhn.redhat.com/errata/RHSA-2013-0897.html |
| 101 |
- http://www.debian.org/security/2013/dsa-2673 |
| 102 |
- http://www.debian.org/security/2013/dsa-2674 |
| 103 |
- http://www.debian.org/security/2013/dsa-2675 |
| 104 |
- http://www.debian.org/security/2013/dsa-2676 |
| 105 |
- http://www.debian.org/security/2013/dsa-2677 |
| 106 |
- http://www.debian.org/security/2013/dsa-2678 |
| 107 |
- http://www.debian.org/security/2013/dsa-2679 |
| 108 |
- http://www.debian.org/security/2013/dsa-2680 |
| 109 |
- http://www.debian.org/security/2013/dsa-2681 |
| 110 |
- http://www.debian.org/security/2013/dsa-2682 |
| 111 |
- http://www.debian.org/security/2013/dsa-2683 |
| 112 |
- http://www.debian.org/security/2013/dsa-2684 |
| 113 |
- http://www.debian.org/security/2013/dsa-2685 |
| 114 |
- http://www.debian.org/security/2013/dsa-2686 |
| 115 |
- http://www.debian.org/security/2013/dsa-2687 |
| 116 |
- http://www.debian.org/security/2013/dsa-2688 |
| 117 |
- http://www.debian.org/security/2013/dsa-2689 |
| 118 |
- http://www.debian.org/security/2013/dsa-2690 |
| 119 |
- http://www.debian.org/security/2013/dsa-2691 |
| 120 |
- http://www.debian.org/security/2013/dsa-2692 |
| 121 |
- http://www.debian.org/security/2013/dsa-2693 |
| 122 |
- https://bugs.mageia.org/show_bug.cgi?id=10565 |
Parent Directory
| 
Revision Log