openSUSE Security Update: Mesa: security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0865-1 Rating: moderate References: #814947 #815451 #821855 Cross-References: CVE-2013-1993 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This Mesa update fixes the following security bug: CVE-2013-1993: Integer overflows in XF86DRIOpenConnection and XF86DRIGetClientDriverName were fixed that could lead to client crashes when using a malicious X server. This update fixes the following issue for Mesa on openSUSE 12.3: - bnc#814947, fdo#62141: Make sure we do render between two hiz flushes Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-366 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): Mesa-8.0.4-20.23.1 Mesa-debuginfo-8.0.4-20.23.1 Mesa-debugsource-8.0.4-20.23.1 Mesa-devel-8.0.4-20.23.1 Mesa-libEGL-devel-8.0.4-20.23.1 Mesa-libEGL1-8.0.4-20.23.1 Mesa-libEGL1-debuginfo-8.0.4-20.23.1 Mesa-libGL-devel-8.0.4-20.23.1 Mesa-libGL1-8.0.4-20.23.1 Mesa-libGL1-debuginfo-8.0.4-20.23.1 Mesa-libGLESv1_CM-devel-8.0.4-20.23.1 Mesa-libGLESv1_CM1-8.0.4-20.23.1 Mesa-libGLESv1_CM1-debuginfo-8.0.4-20.23.1 Mesa-libGLESv2-2-8.0.4-20.23.1 Mesa-libGLESv2-2-debuginfo-8.0.4-20.23.1 Mesa-libGLESv2-devel-8.0.4-20.23.1 Mesa-libGLU-devel-8.0.4-20.23.1 Mesa-libGLU1-8.0.4-20.23.1 Mesa-libGLU1-debuginfo-8.0.4-20.23.1 Mesa-libIndirectGL1-8.0.4-20.23.1 Mesa-libIndirectGL1-debuginfo-8.0.4-20.23.1 Mesa-libglapi0-8.0.4-20.23.1 Mesa-libglapi0-debuginfo-8.0.4-20.23.1 libOSMesa8-8.0.4-20.23.1 libOSMesa8-debuginfo-8.0.4-20.23.1 libXvMC_nouveau-8.0.4-20.23.1 libXvMC_nouveau-debuginfo-8.0.4-20.23.1 libXvMC_r300-8.0.4-20.23.1 libXvMC_r300-debuginfo-8.0.4-20.23.1 libXvMC_r600-8.0.4-20.23.1 libXvMC_r600-debuginfo-8.0.4-20.23.1 libXvMC_softpipe-8.0.4-20.23.1 libXvMC_softpipe-debuginfo-8.0.4-20.23.1 libgbm-devel-0.0.0-20.23.1 libgbm1-0.0.0-20.23.1 libgbm1-debuginfo-0.0.0-20.23.1 libvdpau_nouveau-8.0.4-20.23.1 libvdpau_nouveau-debuginfo-8.0.4-20.23.1 libvdpau_r300-8.0.4-20.23.1 libvdpau_r300-debuginfo-8.0.4-20.23.1 libvdpau_r600-8.0.4-20.23.1 libvdpau_r600-debuginfo-8.0.4-20.23.1 libvdpau_softpipe-8.0.4-20.23.1 libvdpau_softpipe-debuginfo-8.0.4-20.23.1 libxatracker-devel-1.0.0-20.23.1 libxatracker1-1.0.0-20.23.1 libxatracker1-debuginfo-1.0.0-20.23.1 - openSUSE 12.2 (x86_64): Mesa-32bit-8.0.4-20.23.1 Mesa-debuginfo-32bit-8.0.4-20.23.1 Mesa-devel-32bit-8.0.4-20.23.1 Mesa-libEGL-devel-32bit-8.0.4-20.23.1 Mesa-libEGL1-32bit-8.0.4-20.23.1 Mesa-libEGL1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGL-devel-32bit-8.0.4-20.23.1 Mesa-libGL1-32bit-8.0.4-20.23.1 Mesa-libGL1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGLESv1_CM-devel-32bit-8.0.4-20.23.1 Mesa-libGLESv1_CM1-32bit-8.0.4-20.23.1 Mesa-libGLESv1_CM1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGLESv2-2-32bit-8.0.4-20.23.1 Mesa-libGLESv2-2-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGLESv2-devel-32bit-8.0.4-20.23.1 Mesa-libGLU-devel-32bit-8.0.4-20.23.1 Mesa-libGLU1-32bit-8.0.4-20.23.1 Mesa-libGLU1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libIndirectGL1-32bit-8.0.4-20.23.1 Mesa-libIndirectGL1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libglapi0-32bit-8.0.4-20.23.1 Mesa-libglapi0-debuginfo-32bit-8.0.4-20.23.1 libOSMesa8-32bit-8.0.4-20.23.1 libOSMesa8-debuginfo-32bit-8.0.4-20.23.1 libXvMC_nouveau-32bit-8.0.4-20.23.1 libXvMC_nouveau-debuginfo-32bit-8.0.4-20.23.1 libXvMC_r300-32bit-8.0.4-20.23.1 libXvMC_r300-debuginfo-32bit-8.0.4-20.23.1 libXvMC_r600-32bit-8.0.4-20.23.1 libXvMC_r600-debuginfo-32bit-8.0.4-20.23.1 libXvMC_softpipe-32bit-8.0.4-20.23.1 libXvMC_softpipe-debuginfo-32bit-8.0.4-20.23.1 libgbm-devel-32bit-0.0.0-20.23.1 libgbm1-32bit-0.0.0-20.23.1 libgbm1-debuginfo-32bit-0.0.0-20.23.1 libvdpau_nouveau-32bit-8.0.4-20.23.1 libvdpau_nouveau-debuginfo-32bit-8.0.4-20.23.1 libvdpau_r300-32bit-8.0.4-20.23.1 libvdpau_r300-debuginfo-32bit-8.0.4-20.23.1 libvdpau_r600-32bit-8.0.4-20.23.1 libvdpau_r600-debuginfo-32bit-8.0.4-20.23.1 libvdpau_softpipe-32bit-8.0.4-20.23.1 libvdpau_softpipe-debuginfo-32bit-8.0.4-20.23.1 References: http://support.novell.com/security/cve/CVE-2013-1993.html https://bugzilla.novell.com/814947 https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821855