Security update for Mesa

SUSE Security Update: Security update for Mesa
Announcement ID: SUSE-SU-2014:0906-1
Rating: moderate
References: #815451 #821855
Affected Products:
  • SUSE Linux Enterprise Server 11 SP1 LTSS

  • An update that solves one vulnerability and has one errata is now available.

    Description:


    This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of Mesa,
    fixing security issues.

    These issues required connection to a malicious X server to trigger the
    bugs in client libraries.

    Security issues fixed:

    * CVE-2013-1993: Multiple integer overflows in X.org libGLX in Mesa
    allowed X servers to trigger allocation of insufficient memory and a
    buffer overflow via vectors related to the (1) XF86DRIOpenConnection
    and (2) XF86DRIGetClientDriverName functions.

    Security Issues:

    * CVE-2013-1993

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-Mesa-9383

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
      • Mesa-7.7-5.12.38
    • SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
      • Mesa-32bit-7.7-5.12.38

    References:

    • http://support.novell.com/security/cve/CVE-2013-1993.html
    • https://bugzilla.novell.com/815451
    • https://bugzilla.novell.com/821855
    • http://download.suse.com/patch/finder/?keywords=a5e9f18a66e24d049dd31d0f5a22e9f0