-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:103 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : mesa Date : April 10, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated mesa packages fix security vulnerability: The glsl shaders are vulnerable to a buffer overrun in parcel_out_uniform_storage::visit_field. When too many uniforms are used, the error will now be caught in check_resources (src/glsl/linker.cpp) (CVE-2012-2864). Additionally, Mesa has been updated to 8.0.4, fixing several bugs. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: ddd7f11666cd9228f779fa74d2a3b913 mbs1/x86_64/lib64dri-drivers-8.0.4-1.mbs1.x86_64.rpm 605fadbb4940d2911231302e77bc1a3e mbs1/x86_64/lib64gbm1-8.0.4-1.mbs1.x86_64.rpm 346f755585cafcc134c154a21d4d7bdd mbs1/x86_64/lib64gbm1-devel-8.0.4-1.mbs1.x86_64.rpm 36d15a0261c0d03f82bf4856d683900f mbs1/x86_64/lib64glapi0-8.0.4-1.mbs1.x86_64.rpm bab03d93fa49d16f391f69b4165ccfc7 mbs1/x86_64/lib64glapi0-devel-8.0.4-1.mbs1.x86_64.rpm b3e750795674443d0d0cc13014f3829f mbs1/x86_64/lib64mesaegl1-8.0.4-1.mbs1.x86_64.rpm 795c535bba6d27dad7b818799471a5ee mbs1/x86_64/lib64mesaegl1-devel-8.0.4-1.mbs1.x86_64.rpm bfed4a50ba04bc36d95860afaefbc927 mbs1/x86_64/lib64mesagl1-8.0.4-1.mbs1.x86_64.rpm d938e7d97178db09d57c7869a2c416ba mbs1/x86_64/lib64mesagl1-devel-8.0.4-1.mbs1.x86_64.rpm 35421f0c0da617decbde02ca8b5f2df5 mbs1/x86_64/lib64mesaglesv1_1-8.0.4-1.mbs1.x86_64.rpm 4457aaf24a8c006f22bf16c73d7b6cbe mbs1/x86_64/lib64mesaglesv1_1-devel-8.0.4-1.mbs1.x86_64.rpm 7507b996f57f13ee6c953ea8563cca00 mbs1/x86_64/lib64mesaglesv2_2-8.0.4-1.mbs1.x86_64.rpm 63057e38a81caf6423f7c5e8a756b6bb mbs1/x86_64/lib64mesaglesv2_2-devel-8.0.4-1.mbs1.x86_64.rpm efec37560ee8b44d336112196cc40583 mbs1/x86_64/lib64mesaglu1-8.0.4-1.mbs1.x86_64.rpm 14f595184581c078aef1b1b9af4b952b mbs1/x86_64/lib64mesaglu1-devel-8.0.4-1.mbs1.x86_64.rpm bda454a325e9447d06407f09b796c70b mbs1/x86_64/lib64mesaopenvg1-8.0.4-1.mbs1.x86_64.rpm 42203d6567254c09d5b513d29afc3c78 mbs1/x86_64/lib64mesaopenvg1-devel-8.0.4-1.mbs1.x86_64.rpm ba5408712f31f8ad72214069097ff4a5 mbs1/x86_64/lib64wayland-egl1-8.0.4-1.mbs1.x86_64.rpm e1f6c2a93574af1f49ace95c0eaf5fee mbs1/x86_64/lib64wayland-egl1-devel-8.0.4-1.mbs1.x86_64.rpm 01c4ab83b92f06f295530daf2dea47b3 mbs1/x86_64/mesa-8.0.4-1.mbs1.x86_64.rpm c38819f524ce848b78c43043d27e561a mbs1/x86_64/mesa-common-devel-8.0.4-1.mbs1.x86_64.rpm 7edddb6da33c4be3d06aec29b1aad456 mbs1/SRPMS/mesa-8.0.4-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZRwGmqjQ0CJFipgRAq3pAJ4/NkJME0MgNq/NjsI1pwAevc8gBACcDSxw vmFaJLBJ4JEd9m7epoI/Lt4= =BN6E -----END PGP SIGNATURE-----
