| 1 |
type: security |
| 2 |
subject: Updated mesa packages fix multiple vulnerabilties |
| 3 |
CVE: |
| 4 |
- CVE-2013-1872 |
| 5 |
- CVE-2013-1993 |
| 6 |
src: |
| 7 |
2: |
| 8 |
core: |
| 9 |
- mesa-8.0.5-1.1.mga2 |
| 10 |
tainted: |
| 11 |
- mesa-8.0.5-1.1.mga2.tainted |
| 12 |
description: | |
| 13 |
An out-of-bounds access flaw was found in Mesa. If an application using |
| 14 |
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does |
| 15 |
this), an attacker could cause the application to crash or, potentially, |
| 16 |
execute arbitrary code with the privileges of the user running the |
| 17 |
application (CVE-2013-1872). |
| 18 |
|
| 19 |
It was found that Mesa did not correctly validate messages from the X |
| 20 |
server. A malicious X server could cause an application using Mesa to |
| 21 |
crash or, potentially, execute arbitrary code with the privileges of the |
| 22 |
user running the application (CVE-2013-1993). |
| 23 |
references: |
| 24 |
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 |
| 25 |
- https://rhn.redhat.com/errata/RHSA-2013-0897.html |
| 26 |
- https://bugs.mageia.org/show_bug.cgi?id=10569 |
| 27 |
ID: MGASA-2013-0190 |
Parent Directory
| 
Revision Log