openSUSE Security Update: Mesa: security and bugfix update ______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0865-1 Rating: moderate References: #814947 #815451 #821855 Cross-References: CVE-2013-1993 Affected Products: openSUSE 12.2 ______________________________________________________________________________
An update that solves one vulnerability and has two fixes is now available.
Description:
This Mesa update fixes the following security bug: CVE-2013-1993: Integer overflows in XF86DRIOpenConnection and XF86DRIGetClientDriverName were fixed that could lead to client crashes when using a malicious X server.
This update fixes the following issue for Mesa on openSUSE 12.3: - bnc#814947, fdo#62141: Make sure we do render between two hiz flushes
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-366
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
Mesa-8.0.4-20.23.1 Mesa-debuginfo-8.0.4-20.23.1 Mesa-debugsource-8.0.4-20.23.1 Mesa-devel-8.0.4-20.23.1 Mesa-libEGL-devel-8.0.4-20.23.1 Mesa-libEGL1-8.0.4-20.23.1 Mesa-libEGL1-debuginfo-8.0.4-20.23.1 Mesa-libGL-devel-8.0.4-20.23.1 Mesa-libGL1-8.0.4-20.23.1 Mesa-libGL1-debuginfo-8.0.4-20.23.1 Mesa-libGLESv1_CM-devel-8.0.4-20.23.1 Mesa-libGLESv1_CM1-8.0.4-20.23.1 Mesa-libGLESv1_CM1-debuginfo-8.0.4-20.23.1 Mesa-libGLESv2-2-8.0.4-20.23.1 Mesa-libGLESv2-2-debuginfo-8.0.4-20.23.1 Mesa-libGLESv2-devel-8.0.4-20.23.1 Mesa-libGLU-devel-8.0.4-20.23.1 Mesa-libGLU1-8.0.4-20.23.1 Mesa-libGLU1-debuginfo-8.0.4-20.23.1 Mesa-libIndirectGL1-8.0.4-20.23.1 Mesa-libIndirectGL1-debuginfo-8.0.4-20.23.1 Mesa-libglapi0-8.0.4-20.23.1 Mesa-libglapi0-debuginfo-8.0.4-20.23.1 libOSMesa8-8.0.4-20.23.1 libOSMesa8-debuginfo-8.0.4-20.23.1 libXvMC_nouveau-8.0.4-20.23.1 libXvMC_nouveau-debuginfo-8.0.4-20.23.1 libXvMC_r300-8.0.4-20.23.1 libXvMC_r300-debuginfo-8.0.4-20.23.1 libXvMC_r600-8.0.4-20.23.1 libXvMC_r600-debuginfo-8.0.4-20.23.1 libXvMC_softpipe-8.0.4-20.23.1 libXvMC_softpipe-debuginfo-8.0.4-20.23.1 libgbm-devel-0.0.0-20.23.1 libgbm1-0.0.0-20.23.1 libgbm1-debuginfo-0.0.0-20.23.1 libvdpau_nouveau-8.0.4-20.23.1 libvdpau_nouveau-debuginfo-8.0.4-20.23.1 libvdpau_r300-8.0.4-20.23.1 libvdpau_r300-debuginfo-8.0.4-20.23.1 libvdpau_r600-8.0.4-20.23.1 libvdpau_r600-debuginfo-8.0.4-20.23.1 libvdpau_softpipe-8.0.4-20.23.1 libvdpau_softpipe-debuginfo-8.0.4-20.23.1 libxatracker-devel-1.0.0-20.23.1 libxatracker1-1.0.0-20.23.1 libxatracker1-debuginfo-1.0.0-20.23.1
- openSUSE 12.2 (x86_64):
Mesa-32bit-8.0.4-20.23.1 Mesa-debuginfo-32bit-8.0.4-20.23.1 Mesa-devel-32bit-8.0.4-20.23.1 Mesa-libEGL-devel-32bit-8.0.4-20.23.1 Mesa-libEGL1-32bit-8.0.4-20.23.1 Mesa-libEGL1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGL-devel-32bit-8.0.4-20.23.1 Mesa-libGL1-32bit-8.0.4-20.23.1 Mesa-libGL1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGLESv1_CM-devel-32bit-8.0.4-20.23.1 Mesa-libGLESv1_CM1-32bit-8.0.4-20.23.1 Mesa-libGLESv1_CM1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGLESv2-2-32bit-8.0.4-20.23.1 Mesa-libGLESv2-2-debuginfo-32bit-8.0.4-20.23.1 Mesa-libGLESv2-devel-32bit-8.0.4-20.23.1 Mesa-libGLU-devel-32bit-8.0.4-20.23.1 Mesa-libGLU1-32bit-8.0.4-20.23.1 Mesa-libGLU1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libIndirectGL1-32bit-8.0.4-20.23.1 Mesa-libIndirectGL1-debuginfo-32bit-8.0.4-20.23.1 Mesa-libglapi0-32bit-8.0.4-20.23.1 Mesa-libglapi0-debuginfo-32bit-8.0.4-20.23.1 libOSMesa8-32bit-8.0.4-20.23.1 libOSMesa8-debuginfo-32bit-8.0.4-20.23.1 libXvMC_nouveau-32bit-8.0.4-20.23.1 libXvMC_nouveau-debuginfo-32bit-8.0.4-20.23.1 libXvMC_r300-32bit-8.0.4-20.23.1 libXvMC_r300-debuginfo-32bit-8.0.4-20.23.1 libXvMC_r600-32bit-8.0.4-20.23.1 libXvMC_r600-debuginfo-32bit-8.0.4-20.23.1 libXvMC_softpipe-32bit-8.0.4-20.23.1 libXvMC_softpipe-debuginfo-32bit-8.0.4-20.23.1 libgbm-devel-32bit-0.0.0-20.23.1 libgbm1-32bit-0.0.0-20.23.1 libgbm1-debuginfo-32bit-0.0.0-20.23.1 libvdpau_nouveau-32bit-8.0.4-20.23.1 libvdpau_nouveau-debuginfo-32bit-8.0.4-20.23.1 libvdpau_r300-32bit-8.0.4-20.23.1 libvdpau_r300-debuginfo-32bit-8.0.4-20.23.1 libvdpau_r600-32bit-8.0.4-20.23.1 libvdpau_r600-debuginfo-32bit-8.0.4-20.23.1 libvdpau_softpipe-32bit-8.0.4-20.23.1 libvdpau_softpipe-debuginfo-32bit-8.0.4-20.23.1
References:
http://support.novell.com/security/cve/CVE-2013-1993.html https://bugzilla.novell.com/814947 https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821855