USN-1888-1: Mesa vulnerabilities

Ubuntu Security Notice USN-1888-1

20th June, 2013

mesa, mesa-lts-quantal vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Mesa could be made to crash or run programs as your login if it received specially crafted input.

Software description

  • mesa - free implementation of the EGL API
  • mesa-lts-quantal - free implementation of the EGL API

Details

It was discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1872)

Ilja van Sprundel discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1993)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 13.04:
libgl1-mesa-dri 9.1.3-0ubuntu0.3
libgl1-mesa-glx 9.1.3-0ubuntu0.3
libosmesa6 9.1.3-0ubuntu0.3
libglapi-mesa 9.1.3-0ubuntu0.3
libopenvg1-mesa 9.1.3-0ubuntu0.3
libgles2-mesa 9.1.3-0ubuntu0.3
libegl1-mesa 9.1.3-0ubuntu0.3
libxatracker1 9.1.3-0ubuntu0.3
libgles1-mesa 9.1.3-0ubuntu0.3
libgbm1 9.1.3-0ubuntu0.3
Ubuntu 12.10:
libgl1-mesa-dri 9.0.3-0ubuntu0.2
libgl1-mesa-glx 9.0.3-0ubuntu0.2
libosmesa6 9.0.3-0ubuntu0.2
libglapi-mesa 9.0.3-0ubuntu0.2
libopenvg1-mesa 9.0.3-0ubuntu0.2
libgles2-mesa 9.0.3-0ubuntu0.2
libegl1-mesa 9.0.3-0ubuntu0.2
libxatracker1 9.0.3-0ubuntu0.2
libgles1-mesa 9.0.3-0ubuntu0.2
libgbm1 9.0.3-0ubuntu0.2
Ubuntu 12.04 LTS:
libxatracker1-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-dri 8.0.4-0ubuntu0.6
libglu1-mesa 8.0.4-0ubuntu0.6
libopenvg1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-glx 8.0.4-0ubuntu0.6
libgles2-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libosmesa6 8.0.4-0ubuntu0.6
libgl1-mesa-swx11 8.0.4-0ubuntu0.6
libglapi-mesa 8.0.4-0ubuntu0.6
libopenvg1-mesa 8.0.4-0ubuntu0.6
libgl1-mesa-dri-lts-quantal 9.0.3-0ubuntu0.1~precise3
libglapi-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgles1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-glx-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgbm1-lts-quantal 9.0.3-0ubuntu0.1~precise3
libegl1-mesa 8.0.4-0ubuntu0.6
libgles2-mesa 8.0.4-0ubuntu0.6
libegl1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libxatracker1 8.0.4-0ubuntu0.6
libgles1-mesa 8.0.4-0ubuntu0.6
libgbm1 8.0.4-0ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all
the necessary changes.

References

CVE-2013-1872, CVE-2013-1993