CVE-2013-1993 - Numeric Errors vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2013-198.NASL
description: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69756
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69756
title: Amazon Linux AMI : mesa (ALAS-2013-198)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2013-198.
    #

    include("compat.inc");

    if (description)
    {
      script_id(69756);
      script_version("1.5");
      script_cvs_date("Date: 2018/04/18 15:09:35");

      script_cve_id("CVE-2013-1872", "CVE-2013-1993");
      script_xref(name:"ALAS", value:"2013-198");
      script_xref(name:"RHSA", value:"2013:0897");

      script_name(english:"Amazon Linux AMI : mesa (ALAS-2013-198)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2013-198.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Run 'yum update mesa' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glx-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-libGL-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-libGLU-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-libOSMesa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mesa-libOSMesa-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }

    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (rpm_check(release:"ALA", reference:"glx-utils-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-debuginfo-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-libGL-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-libGL-devel-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-libGLU-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-libGLU-devel-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-libOSMesa-9.0-0.8.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mesa-libOSMesa-devel-9.0-0.8.15.amzn1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glx-utils / mesa-debuginfo / mesa-libGL / mesa-libGL-devel / etc");
    }

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-0898.NASL
description: From Red Hat Security Advisory 2013:0898 : Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68833
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68833
title: Oracle Linux 5 : mesa (ELSA-2013-0898)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0898 and
    # Oracle Linux Security Advisory ELSA-2013-0898 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(68833);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/30 10:58:18");

      script_cve_id("CVE-2013-1993");
      script_bugtraq_id(60149);
      script_xref(name:"RHSA", value:"2013:0898");

      script_name(english:"Oracle Linux 5 : mesa (ELSA-2013-0898)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2013:0898 : Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-June/003503.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mesa packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glx-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libGL-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libGLU-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libGLw");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libGLw-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libOSMesa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-libOSMesa-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mesa-source");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    flag = 0;
    if (rpm_check(release:"EL5", reference:"glx-utils-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libGL-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libGL-devel-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libGLU-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libGLU-devel-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libGLw-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libGLw-devel-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libOSMesa-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-libOSMesa-devel-6.5.1-7.11.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"mesa-source-6.5.1-7.11.el5_9")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glx-utils / mesa-libGL / mesa-libGL-devel / mesa-libGLU / etc");
    }

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0897.NASL
description: Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66772
published: 2013-06-03
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66772
title: RHEL 6 : mesa (RHSA-2013:0897)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2013-182.NASL
description: Updated mesa packages fix multiple vulnerabilities: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1872). It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1993).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67011
published: 2013-06-28
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/67011
title: Mandriva Linux Security Advisory : mesa (MDVSA-2013:182)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_2EEBEBFFCD3B11E28F09001B38C3836C.NASL
description: freedesktop.org reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66798
published: 2013-06-05
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66798
title: FreeBSD : xorg -- protocol handling issues in X Window System client libraries (2eebebff-cd3b-11e2-8f09-001b38c3836c)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS11_XORG_20130924.NASL
description: The remote Solaris system is missing necessary patches to address security updates :
- Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. (CVE-2013-1983)
- Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. (CVE-2013-1986)
- Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. (CVE-2013-1987)
- Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. (CVE-2013-1988)
- Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. (CVE-2013-1989)
- Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. (CVE-2013-1990)
- Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. (CVE-2013-1992)
- Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. (CVE-2013-1993)
- Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. (CVE-2013-1999)
- Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. (CVE-2013-2000)
- Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. (CVE-2013-2001)
- Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. (CVE-2013-2003)
- Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. (CVE-2013-2063)
- Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. (CVE-2013-2064)
- Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. (CVE-2013-2066)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 80819
published: 2015-01-19
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/80819
title: Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20130603_MESA_ON_SL6_X.NASL
description: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-03-18
modified: 2013-06-04
plugin id: 66779
published: 2013-06-04
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66779
title: Scientific Linux Security Update : mesa on SL6.x i386/x86_64 (20130603)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-0897.NASL
description: From Red Hat Security Advisory 2013:0897 : Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68832
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68832
title: Oracle Linux 6 : mesa (ELSA-2013-0897)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-0898.NASL
description: Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66776
published: 2013-06-04
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66776
title: CentOS 5 : mesa (CESA-2013:0898)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2678.NASL
description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
last seen: 2020-03-17
modified: 2013-05-24
plugin id: 66562
published: 2013-05-24
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66562
title: Debian DSA-2678-1 : mesa - several vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2013-366.NASL
description: This Mesa update fixes the following security bug: CVE-2013-1993: Integer overflows in XF86DRIOpenConnection and XF86DRIGetClientDriverName were fixed that could lead to client crashes when using a malicious X server. This update fixes the following issue for Mesa on openSUSE 12.3 :
- bnc#814947, fdo#62141: Make sure we do render between two hiz flushes
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 74977
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74977
title: openSUSE Security Update : Mesa (openSUSE-2013-366)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_MESA-130531.NASL
description: This update of Mesa fixes multiple integer overflows.
last seen: 2020-06-05
modified: 2013-06-29
plugin id: 67105
published: 2013-06-29
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/67105
title: SuSE 11.2 Security Update : Mesa (SAT Patch Number 7805)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1888-1.NASL
description: It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1872) Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1993). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66961
published: 2013-06-21
reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66961
title: Ubuntu 12.04 LTS / 12.10 / 13.04 : mesa, mesa-lts-quantal vulnerabilities (USN-1888-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_MESA-8604.NASL
description: This update of Mesa fixes multiple integer overflows.
last seen: 2020-06-05
modified: 2013-07-12
plugin id: 67255
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67255
title: SuSE 10 Security Update : Mesa (ZYPP Patch Number 8604)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0898.NASL
description: Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66773
published: 2013-06-03
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66773
title: RHEL 5 : mesa (RHSA-2013:0898)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20130603_MESA_ON_SL5_X.NASL
description: It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-03-18
modified: 2013-06-04
plugin id: 66778
published: 2013-06-04
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66778
title: Scientific Linux Security Update : mesa on SL5.x i386/x86_64 (20130603)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201405-07.NASL
description: The remote host is affected by the vulnerability described in GLSA-201405-07 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 74028
published: 2014-05-16
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/74028
title: GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-0897.NASL
description: Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66775
published: 2013-06-04
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66775
title: CentOS 6 : mesa (CESA-2013:0897)
References
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
- http://www.debian.org/security/2013/dsa-2678
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2013-0898.html
- http://rhn.redhat.com/errata/RHSA-2013-0897.html
- http://www.ubuntu.com/usn/USN-1888-1
- http://advisories.mageia.org/MGASA-2013-0190.html
- http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html
- http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:181