Bug 432400 (CVE-2012-2864)

Summary:	<media-libs/mesa-8.0.4-r1 : Arbitrary code execution via unspecified vectors related to 'array overflow' (CVE-2012-2864)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	kripton, x11
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2864
Whiteboard:	A2 [glsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2012-08-23 10:40:02 UTC

From red hat bugzilla at $URL:

Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2864 to the following vulnerability:

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."

References:
[1] http://code.google.com/p/chromium/issues/detail?id=141901 (private)
[2] http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html

Upstream patch:
http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg25207.html

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2012-08-24 21:49:08 UTC

CVE-2012-2864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2864):
  Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48,
  and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung
  Chromebox Series 3, allows remote attackers to execute arbitrary code via
  unspecified vectors that trigger an "array overflow."

Comment 2 Chí-Thanh Christopher Nguyễn gentoo-dev

2012-08-24 22:53:47 UTC

Fix was committed upstream:
http://cgit.freedesktop.org/mesa/mesa/commit/?id=ff996cafce511dd8a6c4e066e409c23e147a670c
It is not yet fixed in the 8.0 branch

Comment 3 Chí-Thanh Christopher Nguyễn gentoo-dev

2012-09-01 16:53:01 UTC

Arches, please stabilize media-libs/mesa-8.0.4-r1

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86

Versions before 8.0 are not affected.

Comment 4 Agostino Sarubbo gentoo-dev

2012-09-02 17:41:38 UTC

(In reply to comment #3)
> Arches, please stabilize media-libs/mesa-8.0.4-r1
> 
> Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86

=media-libs/mesa-8.0.4-r1
=app-admin/eselect-opengl-1.2.6.1
=x11-proto/glproto-1.4.16

Comment 5 Agostino Sarubbo gentoo-dev

2012-09-02 18:02:30 UTC

amd64 stable

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2012-09-04 14:51:54 UTC

Stable for HPPA.

Comment 7 Andreas Schürch gentoo-dev

2012-09-12 10:52:03 UTC

x86 done

Comment 8 Markus Meier gentoo-dev

2012-09-16 19:42:37 UTC

arm stable

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2012-09-24 18:10:10 UTC

alpha/ia64/sh/sparc stable

Comment 10 Agostino Sarubbo gentoo-dev

2012-12-02 15:09:25 UTC

ppc has a major version stable

Comment 11 Agostino Sarubbo gentoo-dev

2012-12-02 20:42:55 UTC

ppc64 stable

Comment 12 Chí-Thanh Christopher Nguyễn gentoo-dev

2012-12-02 21:06:08 UTC

All arches done.

Comment 13 Sean Amoss (RETIRED) gentoo-dev

2012-12-03 01:53:22 UTC

Thanks, everyone.

GLSA draft ready for review.

Comment 14 GLSAMaker/CVETool Bot gentoo-dev

2014-04-08 09:28:05 UTC

This issue was resolved and addressed in
 GLSA 201404-06 at http://security.gentoo.org/glsa/glsa-201404-06.xml
by GLSA coordinator Mikle Kolyada (Zlogene).