1 |
type: security |
2 |
subject: Updated mesa packages fix multiple vulnerabilties |
3 |
CVE: |
4 |
- CVE-2013-1872 |
5 |
- CVE-2013-1993 |
6 |
src: |
7 |
2: |
8 |
core: |
9 |
- mesa-8.0.5-1.1.mga2 |
10 |
tainted: |
11 |
- mesa-8.0.5-1.1.mga2.tainted |
12 |
description: | |
13 |
An out-of-bounds access flaw was found in Mesa. If an application using |
14 |
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does |
15 |
this), an attacker could cause the application to crash or, potentially, |
16 |
execute arbitrary code with the privileges of the user running the |
17 |
application (CVE-2013-1872). |
18 |
|
19 |
It was found that Mesa did not correctly validate messages from the X |
20 |
server. A malicious X server could cause an application using Mesa to |
21 |
crash or, potentially, execute arbitrary code with the privileges of the |
22 |
user running the application (CVE-2013-1993). |
23 |
references: |
24 |
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 |
25 |
- https://rhn.redhat.com/errata/RHSA-2013-0897.html |
26 |
- https://bugs.mageia.org/show_bug.cgi?id=10569 |