Summary: | <media-libs/mesa-8.0.4-r1 : Arbitrary code execution via unspecified vectors related to 'array overflow' (CVE-2012-2864) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | kripton, x11 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2864 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-08-23 10:40:02 UTC
CVE-2012-2864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2864): Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." Fix was committed upstream: http://cgit.freedesktop.org/mesa/mesa/commit/?id=ff996cafce511dd8a6c4e066e409c23e147a670c It is not yet fixed in the 8.0 branch Arches, please stabilize media-libs/mesa-8.0.4-r1 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 Versions before 8.0 are not affected. (In reply to comment #3) > Arches, please stabilize media-libs/mesa-8.0.4-r1 > > Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 =media-libs/mesa-8.0.4-r1 =app-admin/eselect-opengl-1.2.6.1 =x11-proto/glproto-1.4.16 amd64 stable Stable for HPPA. x86 done arm stable alpha/ia64/sh/sparc stable ppc has a major version stable ppc64 stable All arches done. Thanks, everyone. GLSA draft ready for review. This issue was resolved and addressed in GLSA 201404-06 at http://security.gentoo.org/glsa/glsa-201404-06.xml by GLSA coordinator Mikle Kolyada (Zlogene). |