1 |
type: security |
2 |
subject: Updated X.org packages fix multiple security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2013-1872 |
5 |
- CVE-2013-1981 |
6 |
- CVE-2013-1982 |
7 |
- CVE-2013-1983 |
8 |
- CVE-2013-1984 |
9 |
- CVE-2013-1985 |
10 |
- CVE-2013-1986 |
11 |
- CVE-2013-1987 |
12 |
- CVE-2013-1988 |
13 |
- CVE-2013-1989 |
14 |
- CVE-2013-1990 |
15 |
- CVE-2013-1991 |
16 |
- CVE-2013-1992 |
17 |
- CVE-2013-1993 |
18 |
- CVE-2013-1994 |
19 |
- CVE-2013-1995 |
20 |
- CVE-2013-1996 |
21 |
- CVE-2013-1997 |
22 |
- CVE-2013-1998 |
23 |
- CVE-2013-1999 |
24 |
- CVE-2013-2000 |
25 |
- CVE-2013-2001 |
26 |
- CVE-2013-2002 |
27 |
- CVE-2013-2003 |
28 |
- CVE-2013-2004 |
29 |
- CVE-2013-2005 |
30 |
- CVE-2013-2062 |
31 |
- CVE-2013-2063 |
32 |
- CVE-2013-2064 |
33 |
- CVE-2013-2066 |
34 |
src: |
35 |
3: |
36 |
core: |
37 |
- libdmx-1.1.3-1.mga3 |
38 |
- libfs-1.0.5-1.mga3 |
39 |
- libx11-1.5.99.902-1.mga3 |
40 |
- libxcb-1.9.1-1.mga3 |
41 |
- libxcursor-1.1.14-1.mga3 |
42 |
- libxext-1.3.2-1.mga3 |
43 |
- libxfixes-5.0.1-1.mga3 |
44 |
- libxi-1.6.2.901-1.mga3 |
45 |
- libxinerama-1.1.3-1.mga3 |
46 |
- libxp-1.0.2-1.mga3 |
47 |
- libxrandr-1.4.1-1.mga3 |
48 |
- libxrender-0.9.8-1.mga3 |
49 |
- libxres-1.0.7-1.mga3 |
50 |
- libxt-1.1.4-1.mga3 |
51 |
- libxtst-1.2.2-1.mga3 |
52 |
- libxv-1.0.8-1.mga3 |
53 |
- libxvmc-1.0.8-1.mga3 |
54 |
- libxxf86dga-1.1.4-1.mga3 |
55 |
- libxxf86vm-1.1.3-1.mga3 |
56 |
- mesa-9.1.3-1.1.mga3 |
57 |
- x11-driver-video-openchrome-0.3.3-1.mga3 |
58 |
tainted: |
59 |
- mesa-9.1.3-1.1.mga3.tainted |
60 |
description: | |
61 |
Ilja van Sprundel of IOActive discovered several security issues in multiple |
62 |
components of the X.org graphics stack and the related libraries: Various |
63 |
integer overflows, sign handling errors in integer conversions, buffer |
64 |
overflows, memory corruption and missing input sanitising may lead to |
65 |
privilege escalation or denial of service (CVE-2013-1981, CVE-2013-1982, |
66 |
CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, |
67 |
CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, |
68 |
CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997, |
69 |
CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, |
70 |
CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063, |
71 |
CVE-2013-2064, CVE-2013-2066). |
72 |
|
73 |
An out-of-bounds access flaw was found in Mesa. If an application using |
74 |
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does |
75 |
this), an attacker could cause the application to crash or, potentially, |
76 |
execute arbitrary code with the privileges of the user running the |
77 |
application (CVE-2013-1872). |
78 |
references: |
79 |
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 |
80 |
- https://rhn.redhat.com/errata/RHSA-2013-0897.html |
81 |
- http://www.debian.org/security/2013/dsa-2673 |
82 |
- http://www.debian.org/security/2013/dsa-2674 |
83 |
- http://www.debian.org/security/2013/dsa-2675 |
84 |
- http://www.debian.org/security/2013/dsa-2676 |
85 |
- http://www.debian.org/security/2013/dsa-2677 |
86 |
- http://www.debian.org/security/2013/dsa-2678 |
87 |
- http://www.debian.org/security/2013/dsa-2679 |
88 |
- http://www.debian.org/security/2013/dsa-2680 |
89 |
- http://www.debian.org/security/2013/dsa-2681 |
90 |
- http://www.debian.org/security/2013/dsa-2682 |
91 |
- http://www.debian.org/security/2013/dsa-2683 |
92 |
- http://www.debian.org/security/2013/dsa-2684 |
93 |
- http://www.debian.org/security/2013/dsa-2685 |
94 |
- http://www.debian.org/security/2013/dsa-2686 |
95 |
- http://www.debian.org/security/2013/dsa-2687 |
96 |
- http://www.debian.org/security/2013/dsa-2688 |
97 |
- http://www.debian.org/security/2013/dsa-2689 |
98 |
- http://www.debian.org/security/2013/dsa-2690 |
99 |
- http://www.debian.org/security/2013/dsa-2691 |
100 |
- http://www.debian.org/security/2013/dsa-2692 |
101 |
- http://www.debian.org/security/2013/dsa-2693 |
102 |
- https://bugs.mageia.org/show_bug.cgi?id=10565 |