openSUSE-SU-2012:1120-1: moderate: Mesa: fixed overflow in glsl shaders

6 Sep 2012

      openSUSE Security Update: Mesa: fixed overflow in glsl shaders
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1120-1
Rating:             moderate
References:         #777461 
Cross-References:   CVE-2012-2864
Affected Products:
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   Mesa was updated to fix a buffer overrun in glsl shaders:
   -
   U_glsl-linker-Avoid-buffer-over-run-in-parcel_out_unif.patch

   * Avoid buffer over-run in
   parcel_out_uniform_storage::visit_field When too may
   uniforms are used, the error will be caught in
   check_resources (src/glsl/linker.cpp). (CVE-2012-2864,
   bnc#777461)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-580

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.2 (i586 x86_64):

      Mesa-8.0.4-20.7.1
      Mesa-debuginfo-8.0.4-20.7.1
      Mesa-debugsource-8.0.4-20.7.1
      Mesa-devel-8.0.4-20.7.1
      Mesa-libEGL-devel-8.0.4-20.7.1
      Mesa-libEGL1-8.0.4-20.7.1
      Mesa-libEGL1-debuginfo-8.0.4-20.7.1
      Mesa-libGL-devel-8.0.4-20.7.1
      Mesa-libGL1-8.0.4-20.7.1
      Mesa-libGL1-debuginfo-8.0.4-20.7.1
      Mesa-libGLESv1_CM-devel-8.0.4-20.7.1
      Mesa-libGLESv1_CM1-8.0.4-20.7.1
      Mesa-libGLESv1_CM1-debuginfo-8.0.4-20.7.1
      Mesa-libGLESv2-2-8.0.4-20.7.1
      Mesa-libGLESv2-2-debuginfo-8.0.4-20.7.1
      Mesa-libGLESv2-devel-8.0.4-20.7.1
      Mesa-libGLU-devel-8.0.4-20.7.1
      Mesa-libGLU1-8.0.4-20.7.1
      Mesa-libGLU1-debuginfo-8.0.4-20.7.1
      Mesa-libIndirectGL1-8.0.4-20.7.1
      Mesa-libIndirectGL1-debuginfo-8.0.4-20.7.1
      Mesa-libglapi0-8.0.4-20.7.1
      Mesa-libglapi0-debuginfo-8.0.4-20.7.1
      libOSMesa8-8.0.4-20.7.1
      libOSMesa8-debuginfo-8.0.4-20.7.1
      libXvMC_nouveau-8.0.4-20.7.1
      libXvMC_nouveau-debuginfo-8.0.4-20.7.1
      libXvMC_r300-8.0.4-20.7.1
      libXvMC_r300-debuginfo-8.0.4-20.7.1
      libXvMC_r600-8.0.4-20.7.1
      libXvMC_r600-debuginfo-8.0.4-20.7.1
      libXvMC_softpipe-8.0.4-20.7.1
      libXvMC_softpipe-debuginfo-8.0.4-20.7.1
      libgbm-devel-0.0.0-20.7.1
      libgbm1-0.0.0-20.7.1
      libgbm1-debuginfo-0.0.0-20.7.1
      libvdpau_nouveau-8.0.4-20.7.1
      libvdpau_nouveau-debuginfo-8.0.4-20.7.1
      libvdpau_r300-8.0.4-20.7.1
      libvdpau_r300-debuginfo-8.0.4-20.7.1
      libvdpau_r600-8.0.4-20.7.1
      libvdpau_r600-debuginfo-8.0.4-20.7.1
      libvdpau_softpipe-8.0.4-20.7.1
      libvdpau_softpipe-debuginfo-8.0.4-20.7.1
      libxatracker-devel-1.0.0-20.7.1
      libxatracker1-1.0.0-20.7.1
      libxatracker1-debuginfo-1.0.0-20.7.1

   - openSUSE 12.2 (x86_64):

      Mesa-32bit-8.0.4-20.7.1
      Mesa-debuginfo-32bit-8.0.4-20.7.1
      Mesa-devel-32bit-8.0.4-20.7.1
      Mesa-libEGL-devel-32bit-8.0.4-20.7.1
      Mesa-libEGL1-32bit-8.0.4-20.7.1
      Mesa-libEGL1-debuginfo-32bit-8.0.4-20.7.1
      Mesa-libGL-devel-32bit-8.0.4-20.7.1
      Mesa-libGL1-32bit-8.0.4-20.7.1
      Mesa-libGL1-debuginfo-32bit-8.0.4-20.7.1
      Mesa-libGLESv1_CM-devel-32bit-8.0.4-20.7.1
      Mesa-libGLESv1_CM1-32bit-8.0.4-20.7.1
      Mesa-libGLESv1_CM1-debuginfo-32bit-8.0.4-20.7.1
      Mesa-libGLESv2-2-32bit-8.0.4-20.7.1
      Mesa-libGLESv2-2-debuginfo-32bit-8.0.4-20.7.1
      Mesa-libGLESv2-devel-32bit-8.0.4-20.7.1
      Mesa-libGLU-devel-32bit-8.0.4-20.7.1
      Mesa-libGLU1-32bit-8.0.4-20.7.1
      Mesa-libGLU1-debuginfo-32bit-8.0.4-20.7.1
      Mesa-libIndirectGL1-32bit-8.0.4-20.7.1
      Mesa-libIndirectGL1-debuginfo-32bit-8.0.4-20.7.1
      Mesa-libglapi0-32bit-8.0.4-20.7.1
      Mesa-libglapi0-debuginfo-32bit-8.0.4-20.7.1
      libOSMesa8-32bit-8.0.4-20.7.1
      libOSMesa8-debuginfo-32bit-8.0.4-20.7.1
      libXvMC_nouveau-32bit-8.0.4-20.7.1
      libXvMC_nouveau-debuginfo-32bit-8.0.4-20.7.1
      libXvMC_r300-32bit-8.0.4-20.7.1
      libXvMC_r300-debuginfo-32bit-8.0.4-20.7.1
      libXvMC_r600-32bit-8.0.4-20.7.1
      libXvMC_r600-debuginfo-32bit-8.0.4-20.7.1
      libXvMC_softpipe-32bit-8.0.4-20.7.1
      libXvMC_softpipe-debuginfo-32bit-8.0.4-20.7.1
      libgbm-devel-32bit-0.0.0-20.7.1
      libgbm1-32bit-0.0.0-20.7.1
      libgbm1-debuginfo-32bit-0.0.0-20.7.1
      libvdpau_nouveau-32bit-8.0.4-20.7.1
      libvdpau_nouveau-debuginfo-32bit-8.0.4-20.7.1
      libvdpau_r300-32bit-8.0.4-20.7.1
      libvdpau_r300-debuginfo-32bit-8.0.4-20.7.1
      libvdpau_r600-32bit-8.0.4-20.7.1
      libvdpau_r600-debuginfo-32bit-8.0.4-20.7.1
      libvdpau_softpipe-32bit-8.0.4-20.7.1
      libvdpau_softpipe-debuginfo-32bit-8.0.4-20.7.1

References:

   http://support.novell.com/security/cve/CVE-2012-2864.html
   https://bugzilla.novell.com/777461

openSUSE-SU-2012:1120-1: moderate: Mesa: fixed overflow in glsl shaders

opensuse-security＠opensuse.org