lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1UPskz-0002GI-3G@titan.mandriva.com>
Date: Wed, 10 Apr 2013 13:00:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:103 ] mesa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:103
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mesa
 Date    : April 10, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated mesa packages fix security vulnerability:
 
 The glsl shaders are vulnerable to a buffer overrun in
 parcel_out_uniform_storage::visit_field. When too many uniforms
 are used, the error will now be caught in check_resources
 (src/glsl/linker.cpp) (CVE-2012-2864).
 
 Additionally, Mesa has been updated to 8.0.4, fixing several bugs.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ddd7f11666cd9228f779fa74d2a3b913  mbs1/x86_64/lib64dri-drivers-8.0.4-1.mbs1.x86_64.rpm
 605fadbb4940d2911231302e77bc1a3e  mbs1/x86_64/lib64gbm1-8.0.4-1.mbs1.x86_64.rpm
 346f755585cafcc134c154a21d4d7bdd  mbs1/x86_64/lib64gbm1-devel-8.0.4-1.mbs1.x86_64.rpm
 36d15a0261c0d03f82bf4856d683900f  mbs1/x86_64/lib64glapi0-8.0.4-1.mbs1.x86_64.rpm
 bab03d93fa49d16f391f69b4165ccfc7  mbs1/x86_64/lib64glapi0-devel-8.0.4-1.mbs1.x86_64.rpm
 b3e750795674443d0d0cc13014f3829f  mbs1/x86_64/lib64mesaegl1-8.0.4-1.mbs1.x86_64.rpm
 795c535bba6d27dad7b818799471a5ee  mbs1/x86_64/lib64mesaegl1-devel-8.0.4-1.mbs1.x86_64.rpm
 bfed4a50ba04bc36d95860afaefbc927  mbs1/x86_64/lib64mesagl1-8.0.4-1.mbs1.x86_64.rpm
 d938e7d97178db09d57c7869a2c416ba  mbs1/x86_64/lib64mesagl1-devel-8.0.4-1.mbs1.x86_64.rpm
 35421f0c0da617decbde02ca8b5f2df5  mbs1/x86_64/lib64mesaglesv1_1-8.0.4-1.mbs1.x86_64.rpm
 4457aaf24a8c006f22bf16c73d7b6cbe  mbs1/x86_64/lib64mesaglesv1_1-devel-8.0.4-1.mbs1.x86_64.rpm
 7507b996f57f13ee6c953ea8563cca00  mbs1/x86_64/lib64mesaglesv2_2-8.0.4-1.mbs1.x86_64.rpm
 63057e38a81caf6423f7c5e8a756b6bb  mbs1/x86_64/lib64mesaglesv2_2-devel-8.0.4-1.mbs1.x86_64.rpm
 efec37560ee8b44d336112196cc40583  mbs1/x86_64/lib64mesaglu1-8.0.4-1.mbs1.x86_64.rpm
 14f595184581c078aef1b1b9af4b952b  mbs1/x86_64/lib64mesaglu1-devel-8.0.4-1.mbs1.x86_64.rpm
 bda454a325e9447d06407f09b796c70b  mbs1/x86_64/lib64mesaopenvg1-8.0.4-1.mbs1.x86_64.rpm
 42203d6567254c09d5b513d29afc3c78  mbs1/x86_64/lib64mesaopenvg1-devel-8.0.4-1.mbs1.x86_64.rpm
 ba5408712f31f8ad72214069097ff4a5  mbs1/x86_64/lib64wayland-egl1-8.0.4-1.mbs1.x86_64.rpm
 e1f6c2a93574af1f49ace95c0eaf5fee  mbs1/x86_64/lib64wayland-egl1-devel-8.0.4-1.mbs1.x86_64.rpm
 01c4ab83b92f06f295530daf2dea47b3  mbs1/x86_64/mesa-8.0.4-1.mbs1.x86_64.rpm
 c38819f524ce848b78c43043d27e561a  mbs1/x86_64/mesa-common-devel-8.0.4-1.mbs1.x86_64.rpm 
 7edddb6da33c4be3d06aec29b1aad456  mbs1/SRPMS/mesa-8.0.4-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZRwGmqjQ0CJFipgRAq3pAJ4/NkJME0MgNq/NjsI1pwAevc8gBACcDSxw
vmFaJLBJ4JEd9m7epoI/Lt4=
=BN6E
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ