[Mesa-dev] [PATCH:mesa 0/2] integer overflows in GLX DRI code [CVE-2013-1993]
alan.coopersmith at oracle.com
Thu May 23 08:44:02 PDT 2013
The X.Org security team has been notified by a security researcher of bugs in
the protocol handling code across libX11 & many of its extension libraries.
These could be exploited in X clients that are setuid or otherwise running
with raised privileges, if a user could run them with their display set to
a Xserver they've modified to exploit them (perhaps a custom Xephyr or remote
Xorg). More details about these issues can be found in our advisory posting
at http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 .
One of the extensions affected is DRI, for which the code is not in a shared
libXdri, but copied into several locations, including Mesa's GLX library.
This series of patches corrects these bugs in Mesa's copy.
Alan Coopersmith (2):
integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
src/glx/XF86dri.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
More information about the mesa-dev