| 1 |
claire |
65 |
type: security |
| 2 |
|
|
subject: Updated mesa packages fix multiple vulnerabilties |
| 3 |
|
|
CVE: |
| 4 |
|
|
- CVE-2013-1872 |
| 5 |
|
|
- CVE-2013-1993 |
| 6 |
|
|
src: |
| 7 |
|
|
2: |
| 8 |
|
|
core: |
| 9 |
|
|
- mesa-8.0.5-1.1.mga2 |
| 10 |
|
|
tainted: |
| 11 |
|
|
- mesa-8.0.5-1.1.mga2.tainted |
| 12 |
|
|
description: | |
| 13 |
|
|
An out-of-bounds access flaw was found in Mesa. If an application using |
| 14 |
|
|
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does |
| 15 |
|
|
this), an attacker could cause the application to crash or, potentially, |
| 16 |
|
|
execute arbitrary code with the privileges of the user running the |
| 17 |
|
|
application (CVE-2013-1872). |
| 18 |
|
|
|
| 19 |
|
|
It was found that Mesa did not correctly validate messages from the X |
| 20 |
|
|
server. A malicious X server could cause an application using Mesa to |
| 21 |
|
|
crash or, potentially, execute arbitrary code with the privileges of the |
| 22 |
|
|
user running the application (CVE-2013-1993). |
| 23 |
|
|
references: |
| 24 |
|
|
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 |
| 25 |
|
|
- https://rhn.redhat.com/errata/RHSA-2013-0897.html |
| 26 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10569 |
| 27 |
boklm |
102 |
ID: MGASA-2013-0190 |
Parent Directory
| 
Revision Log