-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0669
             Updated mesa packages fix security vulnerability
                                14 May 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mesa
Publisher:         Mandriva
Operating System:  Mandriva Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5129  

Reference:         ESB-2013.0644

Original Bulletin: 
   http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:164/

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:164
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mesa
 Date    : May 13, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated mesa packages fix security vulnerability:
 
 It was discovered that Mesa incorrectly handled certain arrays. An
 attacker could use this issue to cause Mesa to crash, resulting in a
 denial of service, or possibly execute arbitrary code (CVE-2012-5129).
 
 Mesa has also been updated to version 8.0.5, fixing several bugs.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5129
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0143
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 cb06a5cac3f9fa3f0d2c866598aa7a36  mbs1/x86_64/lib64dri-drivers-8.0.5-1.mbs1.x86_64.rpm
 f2a98f31e037cb3abca4bf4e7add59ba  mbs1/x86_64/lib64gbm1-8.0.5-1.mbs1.x86_64.rpm
 3db027f3349da9f87af8e255e7504e1e  mbs1/x86_64/lib64gbm1-devel-8.0.5-1.mbs1.x86_64.rpm
 9b0c52329f3c4315a6fe8bcf97bf5bbf  mbs1/x86_64/lib64glapi0-8.0.5-1.mbs1.x86_64.rpm
 261c0587b551dc3a2979e5a793bbd438  mbs1/x86_64/lib64glapi0-devel-8.0.5-1.mbs1.x86_64.rpm
 9d25805e84c684bdf8aa8f76894403ee  mbs1/x86_64/lib64mesaegl1-8.0.5-1.mbs1.x86_64.rpm
 1f961b47739679365dc17c2391430123  mbs1/x86_64/lib64mesaegl1-devel-8.0.5-1.mbs1.x86_64.rpm
 14a189a35767f5839f1be2860b28289a  mbs1/x86_64/lib64mesagl1-8.0.5-1.mbs1.x86_64.rpm
 8122ce03c2dff2f6a9ae68fe76d228ee  mbs1/x86_64/lib64mesagl1-devel-8.0.5-1.mbs1.x86_64.rpm
 3fe4404b1dedd68e95cbbb31a1a8f2b1  mbs1/x86_64/lib64mesaglesv1_1-8.0.5-1.mbs1.x86_64.rpm
 def8114e6723ab4464b767e000f3ec84  mbs1/x86_64/lib64mesaglesv1_1-devel-8.0.5-1.mbs1.x86_64.rpm
 5977b769f9d51677d6e01144e34a6fd7  mbs1/x86_64/lib64mesaglesv2_2-8.0.5-1.mbs1.x86_64.rpm
 277b2b772034d0cf063d8b50e0a1dd48  mbs1/x86_64/lib64mesaglesv2_2-devel-8.0.5-1.mbs1.x86_64.rpm
 6280570c002cc5ae435eafc7ef9c7870  mbs1/x86_64/lib64mesaglu1-8.0.5-1.mbs1.x86_64.rpm
 3fe7ab22b68cead65df8bb71594f940f  mbs1/x86_64/lib64mesaglu1-devel-8.0.5-1.mbs1.x86_64.rpm
 71b6233fe83c13368da65a10ce19be1e  mbs1/x86_64/lib64mesaopenvg1-8.0.5-1.mbs1.x86_64.rpm
 034793f6b661a284bce591d85696c0b4  mbs1/x86_64/lib64mesaopenvg1-devel-8.0.5-1.mbs1.x86_64.rpm
 14eeccb8ce19479c5b213805c13d7e2a  mbs1/x86_64/lib64wayland-egl1-8.0.5-1.mbs1.x86_64.rpm
 234da3b9878104b5f18ae69e91f1e083  mbs1/x86_64/lib64wayland-egl1-devel-8.0.5-1.mbs1.x86_64.rpm
 8cf136a1417283b68c3a5647f8737ea7  mbs1/x86_64/mesa-8.0.5-1.mbs1.x86_64.rpm
 823a8c551215f69e3314f3feecd7c1f7  mbs1/x86_64/mesa-common-devel-8.0.5-1.mbs1.x86_64.rpm 
 5b6a05a53bf9ed88bda5359e53506e96  mbs1/SRPMS/mesa-8.0.5-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRkNAPmqjQ0CJFipgRAotZAKDj+mWdMvq4N2THnW2cM+hdL9niVACfXzEo
yl1wawSnTIFwa8gY0rvSNYw=
=/Hxj
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUZF7h+4yVqjM2NGpAQIBLQ//VZtB3UWC59HxNgp8APmt57soTvmoYb9w
Js0dDWNGrun7riggOikq9ILHHqjwToCzZl4FAH8RHbqmomVkZAMic4ntFQmRffKF
CI861frr4owixUKdtAm75PsjU0Qy7i2Yaig74StCDZOLAimWyFjT1jC7QjfnFOf2
wElSF+JePEJqqxAlg3ZHuKiVifBCw+rmabSzFT2AGpnm3iyzjtrfXhlvWBR17ZpP
zAk9skZfcfAWdWW5cLwyflz+RguNQxWimR/Eq/8ztNrrcwXaJCojAYEIvyv1RwrD
x16y6FzX96oTpr+JeQValan+GI3SU8uVin5rhmLcLTAbraztyobiJjBvDtK7KM1o
rTr8TdXUlAkDxjIrSGn36E7gtHx7yLiQkJzW9a/4O+bLrj80sJvu0V1wNu2n/24N
mst9xKRiCuQQuA18c+yAoQ57m4UbrYcu2KkpKupq0H/a1LXmXpVNdhiQd4mA4Ntu
ZhSsBh2oG0XpUSVirY0bFWugIUPjFokob1r+B7GInkmtKk578cDTxriUaOnWJSCR
njA162DVAnEo4hr1jNJ+067u6VeGfKr/9Ig4NABdNAsmWjG/kek/97JBh4t49W4/
pqpoPMyQyjW9M33bcFRqdSdKLGSwkRe89vz5iHOjqKnpozD83/XqCneKWfhCpKd/
Abpywc1JLCk=
=N2V5
-----END PGP SIGNATURE-----