828007 – (CVE-2013-1872) VUL-0: CVE-2013-1872: Mesa: Memory corruption (OOB read/write) on intel drivers

Bug 828007 (CVE-2013-1872) - VUL-0: CVE-2013-1872: Mesa: Memory corruption (OOB read/write) on intel drivers

Summary: VUL-0: CVE-2013-1872: Mesa: Memory corruption (OOB read/write) on intel drivers

Status:	RESOLVED FIXED

Alias:	CVE-2013-1872

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Deadline:	2013-07-11
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp3:53437
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-07-03 15:36 UTC by Marcus Meissner
Modified:	2013-07-12 12:04 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2013-07-03 15:36:07 UTC

is public, via rh bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=923584

An Out-of-bounds memory read / write flaw was found in Mesa. A remote attacker could use this flaw to crash an application linked against or, potentially, execute arbitrary code via an application linked against Mesa graphics libraries.

References:

https://bugs.freedesktop.org/show_bug.cgi?id=59429
https://code.google.com/p/chromium/issues/detail?id=169054 (private)
https://bugzilla.mozilla.org/show_bug.cgi?id=827106 (private)

Comment 1 Marcus Meissner 2013-07-03 15:37:07 UTC

(hard to say what versions are affected ... can you check Stefan?)

Comment 2 Egbert Eich 2013-07-03 16:08:48 UTC

The issue was introduced with:
commit ee0373b833155804bb8846c6f05f897b9ee5afa6
Author: Eric Anholt <eric@anholt.net>
Date:   Mon Jul 25 18:13:04 2011 -0700

    i965/fs: Don't upload unused uniform components.

This patch appeared in Mesa 8.0.

Comment 5 Egbert Eich 2013-07-03 17:02:16 UTC

Forgot to mention: Upstream commit ID of fix:

commit 0677ea063cd96adefe87c1fb01ef7c66d905535b
Author: Dave Airlie <airlied@gmail.com>
Date:   Thu May 30 20:21:56 2013 +1000

    i965: fix problem with constant out of bounds access (v3)

Comment 8 Swamp Workflow Management 2013-07-04 10:14:06 UTC

The SWAMPID for this issue is 53436.
This issue was rated as important.
Please submit fixed packages until 2013-07-11.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 9 Egbert Eich 2013-07-04 10:48:15 UTC

Submitted. Req IDs:
SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: 27531
SUSE:SLE-11-SP3:Update:Test: 27532

Punk openSUSE is finally done building ...
12.3 - req ID: Request: #182177
12.2 - req ID: Request: #182178

Comment 10 Swamp Workflow Management 2013-07-10 18:48:17 UTC

Update released for: Mesa, Mesa-32bit, Mesa-debuginfo, Mesa-debuginfo-32bit, Mesa-debuginfo-x86, Mesa-debugsource, Mesa-devel, Mesa-devel-32bit, Mesa-devel-static, Mesa-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)

Comment 11 Marcus Meissner 2013-07-12 11:56:56 UTC

released

Comment 12 Swamp Workflow Management 2013-07-12 12:04:27 UTC

openSUSE-SU-2013:1188-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 828007
CVE References: CVE-2013-1872
Sources used:
openSUSE 12.3 (src):    Mesa-9.0.2-34.20.1
openSUSE 12.2 (src):    Mesa-8.0.4-20.27.1