Lucene search

Gentoo FoundationMGASA-2013-0190

HistoryJun 26, 2013 - 11:04 p.m.

Updated mesa packages fix multiple vulnerabilties

2013-06-2623:04:19

Gentoo Foundation

advisories.mageia.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.012

Percentile

85.5%

JSON

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1872). It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1993).

OSVersionArchitecturePackageVersionFilename
Mageia2noarchmesa< 8.0.5-1.1mesa-8.0.5-1.1.mga2
Mageia2noarchmesa< 8.0.5-1.1mesa-8.0.5-1.1.mga2.tainted

OS	Version	Architecture	Package	Version	Filename
Mageia	2	noarch	mesa	< 8.0.5-1.1	mesa-8.0.5-1.1.mga2
Mageia	2	noarch	mesa	< 8.0.5-1.1	mesa-8.0.5-1.1.mga2.tainted

References

www.x.org/wiki/Development/Security/Advisory-2013-05-23

bugs.mageia.org/show_bug.cgi?id=10569

rhn.redhat.com/errata/RHSA-2013-0897.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.012

Percentile

85.5%

JSON

Related for MGASA-2013-0190