============================================================================ Ubuntu Security Notice USN-1888-1 June 20, 2013 mesa, mesa-lts-quantal vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Mesa could be made to crash or run programs as your login if it received specially crafted input. Software Description: - mesa: free implementation of the EGL API - mesa-lts-quantal: free implementation of the EGL API Details: It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1872) Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1993) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: libegl1-mesa 9.1.3-0ubuntu0.3 libgbm1 9.1.3-0ubuntu0.3 libgl1-mesa-dri 9.1.3-0ubuntu0.3 libgl1-mesa-glx 9.1.3-0ubuntu0.3 libglapi-mesa 9.1.3-0ubuntu0.3 libgles1-mesa 9.1.3-0ubuntu0.3 libgles2-mesa 9.1.3-0ubuntu0.3 libopenvg1-mesa 9.1.3-0ubuntu0.3 libosmesa6 9.1.3-0ubuntu0.3 libxatracker1 9.1.3-0ubuntu0.3 Ubuntu 12.10: libegl1-mesa 9.0.3-0ubuntu0.2 libgbm1 9.0.3-0ubuntu0.2 libgl1-mesa-dri 9.0.3-0ubuntu0.2 libgl1-mesa-glx 9.0.3-0ubuntu0.2 libglapi-mesa 9.0.3-0ubuntu0.2 libgles1-mesa 9.0.3-0ubuntu0.2 libgles2-mesa 9.0.3-0ubuntu0.2 libopenvg1-mesa 9.0.3-0ubuntu0.2 libosmesa6 9.0.3-0ubuntu0.2 libxatracker1 9.0.3-0ubuntu0.2 Ubuntu 12.04 LTS: libegl1-mesa 8.0.4-0ubuntu0.6 libegl1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3 libgbm1 8.0.4-0ubuntu0.6 libgbm1-lts-quantal 9.0.3-0ubuntu0.1~precise3 libgl1-mesa-dri 8.0.4-0ubuntu0.6 libgl1-mesa-dri-lts-quantal 9.0.3-0ubuntu0.1~precise3 libgl1-mesa-glx 8.0.4-0ubuntu0.6 libgl1-mesa-glx-lts-quantal 9.0.3-0ubuntu0.1~precise3 libgl1-mesa-swx11 8.0.4-0ubuntu0.6 libglapi-mesa 8.0.4-0ubuntu0.6 libglapi-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3 libgles1-mesa 8.0.4-0ubuntu0.6 libgles1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3 libgles2-mesa 8.0.4-0ubuntu0.6 libgles2-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3 libglu1-mesa 8.0.4-0ubuntu0.6 libopenvg1-mesa 8.0.4-0ubuntu0.6 libopenvg1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3 libosmesa6 8.0.4-0ubuntu0.6 libxatracker1 8.0.4-0ubuntu0.6 libxatracker1-lts-quantal 9.0.3-0ubuntu0.1~precise3 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1888-1 CVE-2013-1872, CVE-2013-1993 Package Information: https://launchpad.net/ubuntu/+source/mesa/9.1.3-0ubuntu0.3 https://launchpad.net/ubuntu/+source/mesa/9.0.3-0ubuntu0.2 https://launchpad.net/ubuntu/+source/mesa/8.0.4-0ubuntu0.6 https://launchpad.net/ubuntu/+source/mesa-lts-quantal/9.0.3-0ubuntu0.1~precise3