[Mesa-dev] [PATCH:mesa 0/2] integer overflows in GLX DRI code [CVE-2013-1993]

Alan Coopersmith alan.coopersmith at oracle.com
Thu May 23 08:44:02 PDT 2013

The X.Org security team has been notified by a security researcher of bugs in
the protocol handling code across libX11 & many of its extension libraries.
These could be exploited in X clients that are setuid or otherwise running
with raised privileges, if a user could run them with their display set to
a Xserver they've modified to exploit them (perhaps a custom Xephyr or remote
Xorg).   More details about these issues can be found in our advisory posting
at http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 .

One of the extensions affected is DRI, for which the code is not in a shared
libXdri, but copied into several locations, including Mesa's GLX library.
This series of patches corrects these bugs in Mesa's copy.

Alan Coopersmith (2):
  integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
  integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]

 src/glx/XF86dri.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)


More information about the mesa-dev mailing list