type: security
subject: Updated mesa packages fix multiple vulnerabilities
CVE:
 - CVE-2013-1872
 - CVE-2013-1993
src:
  2:
    core:
      - mesa-8.0.5-1.1.mga2
    tainted:
      - mesa-8.0.5-1.1.mga2.tainted
description: |
  An out-of-bounds access flaw was found in Mesa. If an application using
  Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does
  this), an attacker could cause the application to crash or, potentially,
  execute arbitrary code with the privileges of the user running the
  application (CVE-2013-1872).

  It was found that Mesa did not correctly validate messages from the X
  server. A malicious X server could cause an application using Mesa to
  crash or, potentially, execute arbitrary code with the privileges of the
  user running the application (CVE-2013-1993).
references:
 - http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
 - https://rhn.redhat.com/errata/RHSA-2013-0897.html
 - https://bugs.mageia.org/show_bug.cgi?id=10569
ID: MGASA-2013-0190