ID CVE-2013-1993
Summary Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
References
Vulnerable Configurations
  • Mesa3D.org Mesa 9.1.1
    cpe:2.3:a:mesa3d:mesa:9.1.1
  • Mesa3D.org Mesa 9.1
    cpe:2.3:a:mesa3d:mesa:9.1
  • Mesa3D.org Mesa 9.0.3
    cpe:2.3:a:mesa3d:mesa:9.0.3
  • Mesa3D.org Mesa 9.0.2
    cpe:2.3:a:mesa3d:mesa:9.0.2
  • Mesa3D.org Mesa 9.0.1
    cpe:2.3:a:mesa3d:mesa:9.0.1
  • Mesa3D.org Mesa 9.0
    cpe:2.3:a:mesa3d:mesa:9.0
  • X.org libGLX
    cpe:2.3:a:x:libglx
CVSS
Base: 6.8 (as of 17-06-2013 - 12:18)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
    Vector NETWORK
    Complexity MEDIUM
    Authentication NONE
Impact
    Confidentiality PARTIAL
    Integrity PARTIAL
    Availability PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0898.NASL
    description Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66773
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66773
    title RHEL 5 : mesa (RHSA-2013:0898)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-07 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 74028
    published 2014-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74028
    title GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2EEBEBFFCD3B11E28F09001B38C3836C.NASL
    description freedesktop.org reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most of these issues stem from the client libraries trusting the server to send correct protocol data, and not verifying that the values will not overflow or cause other damage. Most of the time X clients & servers are run by the same user, with the server more privileged from the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges. The vulnerabilities include : Integer overflows calculating memory needs for replies. Sign extension issues calculating memory needs for replies. Buffer overflows due to not validating length or offset values in replies. Integer overflows parsing user-specified files. Unbounded recursion parsing user-specified files. Memory corruption due to unchecked return values.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66798
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66798
    title FreeBSD : xorg -- protocol handling issues in X Window System client libraries (2eebebff-cd3b-11e2-8f09-001b38c3836c)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130603_MESA_ON_SL5_X.NASL
    description It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66778
    published 2013-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66778
    title Scientific Linux Security Update : mesa on SL5.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-198.NASL
    description An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69756
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69756
    title Amazon Linux AMI : mesa (ALAS-2013-198)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-182.NASL
    description Updated mesa packages fix multiple vulnerabilities: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1872). It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1993).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 67011
    published 2013-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67011
    title Mandriva Linux Security Advisory : mesa (MDVSA-2013:182)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130603_MESA_ON_SL6_X.NASL
    description An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66779
    published 2013-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66779
    title Scientific Linux Security Update : mesa on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MESA-130531.NASL
    description This update of Mesa fixes multiple integer overflows.
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 67105
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67105
    title SuSE 11.2 Security Update : Mesa (SAT Patch Number 7805)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-366.NASL
    description This Mesa update fixes the following security bug: CVE-2013-1993: Integer overflows in XF86DRIOpenConnection and XF86DRIGetClientDriverName were fixed that could lead to client crashes when using a malicious X server. This update fixes the following issue for Mesa on openSUSE 12.3 : - bnc#814947, fdo#62141: Make sure we do render between two hiz flushes
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74977
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74977
    title openSUSE Security Update : Mesa (openSUSE-2013-366)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1888-1.NASL
    description It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1872) Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1993). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66961
    published 2013-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66961
    title Ubuntu 12.04 LTS / 12.10 / 13.04 : mesa, mesa-lts-quantal vulnerabilities (USN-1888-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2678.NASL
    description Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66562
    published 2013-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66562
    title Debian DSA-2678-1 : mesa - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0897.NASL
    description Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66775
    published 2013-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66775
    title CentOS 6 : mesa (CESA-2013:0897)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0897.NASL
    description Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66772
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66772
    title RHEL 6 : mesa (RHSA-2013:0897)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0897.NASL
    description From Red Hat Security Advisory 2013:0897 : Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68832
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68832
    title Oracle Linux 6 : mesa (ELSA-2013-0897)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0898.NASL
    description From Red Hat Security Advisory 2013:0898 : Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68833
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68833
    title Oracle Linux 5 : mesa (ELSA-2013-0898)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0898.NASL
    description Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66776
    published 2013-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66776
    title CentOS 5 : mesa (CESA-2013:0898)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_XORG_20130924.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. (CVE-2013-1983) - Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. (CVE-2013-1986) - Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. (CVE-2013-1987) - Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. (CVE-2013-1988) - Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. (CVE-2013-1989) - Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. (CVE-2013-1990) - Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. (CVE-2013-1992) - Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. (CVE-2013-1993) - Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. (CVE-2013-1999) - Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. (CVE-2013-2000) - Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. (CVE-2013-2001) - Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. (CVE-2013-2003) - Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. (CVE-2013-2063) - Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. (CVE-2013-2064) - Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. (CVE-2013-2066)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80819
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80819
    title Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org)
redhat via4
advisories
  • bugzilla
    id 961613
    title CVE-2013-1993 Mesa: Multiple integer overflows leading to heap-based buffer overflows
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment glx-utils is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897007
        • comment glx-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376138
      • AND
        • comment mesa-demos is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897019
        • comment mesa-demos is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376146
      • AND
        • comment mesa-dri-drivers is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897017
        • comment mesa-dri-drivers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376130
      • AND
        • comment mesa-dri-filesystem is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897023
        • comment mesa-dri-filesystem is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376152
      • AND
        • comment mesa-libGL is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897015
        • comment mesa-libGL is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376142
      • AND
        • comment mesa-libGL-devel is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897013
        • comment mesa-libGL-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376134
      • AND
        • comment mesa-libGLU is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897021
        • comment mesa-libGLU is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376148
      • AND
        • comment mesa-libGLU-devel is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897009
        • comment mesa-libGLU-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376144
      • AND
        • comment mesa-libOSMesa is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897011
        • comment mesa-libOSMesa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376154
      • AND
        • comment mesa-libOSMesa-devel is earlier than 0:9.0-0.8.el6_4.3
          oval oval:com.redhat.rhsa:tst:20130897005
        • comment mesa-libOSMesa-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376140
    rhsa
    id RHSA-2013:0897
    released 2013-06-03
    severity Important
    title RHSA-2013:0897: mesa security update (Important)
  • bugzilla
    id 961613
    title CVE-2013-1993 Mesa: Multiple integer overflows leading to heap-based buffer overflows
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment glx-utils is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898014
        • comment glx-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898015
      • AND
        • comment mesa-libGL is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898016
        • comment mesa-libGL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898017
      • AND
        • comment mesa-libGL-devel is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898010
        • comment mesa-libGL-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898011
      • AND
        • comment mesa-libGLU is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898012
        • comment mesa-libGLU is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898013
      • AND
        • comment mesa-libGLU-devel is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898006
        • comment mesa-libGLU-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898007
      • AND
        • comment mesa-libGLw is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898018
        • comment mesa-libGLw is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898019
      • AND
        • comment mesa-libGLw-devel is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898020
        • comment mesa-libGLw-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898021
      • AND
        • comment mesa-libOSMesa is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898008
        • comment mesa-libOSMesa is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898009
      • AND
        • comment mesa-libOSMesa-devel is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898002
        • comment mesa-libOSMesa-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898003
      • AND
        • comment mesa-source is earlier than 0:6.5.1-7.11.el5_9
          oval oval:com.redhat.rhsa:tst:20130898004
        • comment mesa-source is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130898005
    rhsa
    id RHSA-2013:0898
    released 2013-06-03
    severity Moderate
    title RHSA-2013:0898: mesa security update (Moderate)
rpms
  • glx-utils-0:9.0-0.8.el6_4.3
  • mesa-demos-0:9.0-0.8.el6_4.3
  • mesa-dri-drivers-0:9.0-0.8.el6_4.3
  • mesa-dri-filesystem-0:9.0-0.8.el6_4.3
  • mesa-libGL-0:9.0-0.8.el6_4.3
  • mesa-libGL-devel-0:9.0-0.8.el6_4.3
  • mesa-libGLU-0:9.0-0.8.el6_4.3
  • mesa-libGLU-devel-0:9.0-0.8.el6_4.3
  • mesa-libOSMesa-0:9.0-0.8.el6_4.3
  • mesa-libOSMesa-devel-0:9.0-0.8.el6_4.3
  • glx-utils-0:6.5.1-7.11.el5_9
  • mesa-libGL-0:6.5.1-7.11.el5_9
  • mesa-libGL-devel-0:6.5.1-7.11.el5_9
  • mesa-libGLU-0:6.5.1-7.11.el5_9
  • mesa-libGLU-devel-0:6.5.1-7.11.el5_9
  • mesa-libGLw-0:6.5.1-7.11.el5_9
  • mesa-libGLw-devel-0:6.5.1-7.11.el5_9
  • mesa-libOSMesa-0:6.5.1-7.11.el5_9
  • mesa-libOSMesa-devel-0:6.5.1-7.11.el5_9
  • mesa-source-0:6.5.1-7.11.el5_9
refmap via4
confirm
debian DSA-2678
mandriva MDVSA-2013:181
mlist
  • [Mesa-dev] 20130523 [PATCH:mesa 1/2] integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
  • [Mesa-dev] 20130523 [PATCH:mesa 2/2] integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
  • [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries
suse openSUSE-SU-2013:0865
ubuntu USN-1888-1
Last major update 17-01-2014 - 00:14
Published 15-06-2013 - 15:55