[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UPsky-0002GB-SI@titan.mandriva.com>
Date: Wed, 10 Apr 2013 13:00:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2013:103 ] mesa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:103
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : mesa
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated mesa packages fix security vulnerability:
The glsl shaders are vulnerable to a buffer overrun in
parcel_out_uniform_storage::visit_field. When too many uniforms
are used, the error will now be caught in check_resources
(src/glsl/linker.cpp) (CVE-2012-2864).
Additionally, Mesa has been updated to 8.0.4, fixing several bugs.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
ddd7f11666cd9228f779fa74d2a3b913 mbs1/x86_64/lib64dri-drivers-8.0.4-1.mbs1.x86_64.rpm
605fadbb4940d2911231302e77bc1a3e mbs1/x86_64/lib64gbm1-8.0.4-1.mbs1.x86_64.rpm
346f755585cafcc134c154a21d4d7bdd mbs1/x86_64/lib64gbm1-devel-8.0.4-1.mbs1.x86_64.rpm
36d15a0261c0d03f82bf4856d683900f mbs1/x86_64/lib64glapi0-8.0.4-1.mbs1.x86_64.rpm
bab03d93fa49d16f391f69b4165ccfc7 mbs1/x86_64/lib64glapi0-devel-8.0.4-1.mbs1.x86_64.rpm
b3e750795674443d0d0cc13014f3829f mbs1/x86_64/lib64mesaegl1-8.0.4-1.mbs1.x86_64.rpm
795c535bba6d27dad7b818799471a5ee mbs1/x86_64/lib64mesaegl1-devel-8.0.4-1.mbs1.x86_64.rpm
bfed4a50ba04bc36d95860afaefbc927 mbs1/x86_64/lib64mesagl1-8.0.4-1.mbs1.x86_64.rpm
d938e7d97178db09d57c7869a2c416ba mbs1/x86_64/lib64mesagl1-devel-8.0.4-1.mbs1.x86_64.rpm
35421f0c0da617decbde02ca8b5f2df5 mbs1/x86_64/lib64mesaglesv1_1-8.0.4-1.mbs1.x86_64.rpm
4457aaf24a8c006f22bf16c73d7b6cbe mbs1/x86_64/lib64mesaglesv1_1-devel-8.0.4-1.mbs1.x86_64.rpm
7507b996f57f13ee6c953ea8563cca00 mbs1/x86_64/lib64mesaglesv2_2-8.0.4-1.mbs1.x86_64.rpm
63057e38a81caf6423f7c5e8a756b6bb mbs1/x86_64/lib64mesaglesv2_2-devel-8.0.4-1.mbs1.x86_64.rpm
efec37560ee8b44d336112196cc40583 mbs1/x86_64/lib64mesaglu1-8.0.4-1.mbs1.x86_64.rpm
14f595184581c078aef1b1b9af4b952b mbs1/x86_64/lib64mesaglu1-devel-8.0.4-1.mbs1.x86_64.rpm
bda454a325e9447d06407f09b796c70b mbs1/x86_64/lib64mesaopenvg1-8.0.4-1.mbs1.x86_64.rpm
42203d6567254c09d5b513d29afc3c78 mbs1/x86_64/lib64mesaopenvg1-devel-8.0.4-1.mbs1.x86_64.rpm
ba5408712f31f8ad72214069097ff4a5 mbs1/x86_64/lib64wayland-egl1-8.0.4-1.mbs1.x86_64.rpm
e1f6c2a93574af1f49ace95c0eaf5fee mbs1/x86_64/lib64wayland-egl1-devel-8.0.4-1.mbs1.x86_64.rpm
01c4ab83b92f06f295530daf2dea47b3 mbs1/x86_64/mesa-8.0.4-1.mbs1.x86_64.rpm
c38819f524ce848b78c43043d27e561a mbs1/x86_64/mesa-common-devel-8.0.4-1.mbs1.x86_64.rpm
7edddb6da33c4be3d06aec29b1aad456 mbs1/SRPMS/mesa-8.0.4-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZRwGmqjQ0CJFipgRAq3pAJ4/NkJME0MgNq/NjsI1pwAevc8gBACcDSxw
vmFaJLBJ4JEd9m7epoI/Lt4=
=BN6E
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists