USN-1888-1: Mesa vulnerabilities

Releases

• Ubuntu 13.04
• Ubuntu 12.10
• Ubuntu 12.04

Packages

• mesa - free implementation of the EGL API
• mesa-lts-quantal - free implementation of the EGL API

Details

It was discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1872)

Ilja van Sprundel discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1993)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04

• libgl1-mesa-dri - 9.1.3-0ubuntu0.3
• libgl1-mesa-glx - 9.1.3-0ubuntu0.3
• libosmesa6 - 9.1.3-0ubuntu0.3
• libglapi-mesa - 9.1.3-0ubuntu0.3
• libopenvg1-mesa - 9.1.3-0ubuntu0.3
• libgles2-mesa - 9.1.3-0ubuntu0.3
• libegl1-mesa - 9.1.3-0ubuntu0.3
• libxatracker1 - 9.1.3-0ubuntu0.3
• libgles1-mesa - 9.1.3-0ubuntu0.3
• libgbm1 - 9.1.3-0ubuntu0.3

Ubuntu 12.10

• libgl1-mesa-dri - 9.0.3-0ubuntu0.2
• libgl1-mesa-glx - 9.0.3-0ubuntu0.2
• libosmesa6 - 9.0.3-0ubuntu0.2
• libglapi-mesa - 9.0.3-0ubuntu0.2
• libopenvg1-mesa - 9.0.3-0ubuntu0.2
• libgles2-mesa - 9.0.3-0ubuntu0.2
• libegl1-mesa - 9.0.3-0ubuntu0.2
• libxatracker1 - 9.0.3-0ubuntu0.2
• libgles1-mesa - 9.0.3-0ubuntu0.2
• libgbm1 - 9.0.3-0ubuntu0.2

Ubuntu 12.04

• libxatracker1-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libgl1-mesa-dri - 8.0.4-0ubuntu0.6
• libglu1-mesa - 8.0.4-0ubuntu0.6
• libopenvg1-mesa-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libgl1-mesa-glx - 8.0.4-0ubuntu0.6
• libgles2-mesa-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libosmesa6 - 8.0.4-0ubuntu0.6
• libgl1-mesa-swx11 - 8.0.4-0ubuntu0.6
• libglapi-mesa - 8.0.4-0ubuntu0.6
• libopenvg1-mesa - 8.0.4-0ubuntu0.6
• libgl1-mesa-dri-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libglapi-mesa-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libgles1-mesa-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libgl1-mesa-glx-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libgbm1-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libegl1-mesa - 8.0.4-0ubuntu0.6
• libgles2-mesa - 8.0.4-0ubuntu0.6
• libegl1-mesa-lts-quantal - 9.0.3-0ubuntu0.1~precise3
• libxatracker1 - 8.0.4-0ubuntu0.6
• libgles1-mesa - 8.0.4-0ubuntu0.6
• libgbm1 - 8.0.4-0ubuntu0.6

After a standard system update you need to restart your session to make all
the necessary changes.

References

• CVE-2013-1872
• CVE-2013-1993