The X.Org security team has been notified by a security researcher of bugs in the protocol handling code across libX11 & many of its extension libraries. These could be exploited in X clients that are setuid or otherwise running with raised privileges, if a user could run them with their display set to a Xserver they've modified to exploit them (perhaps a custom Xephyr or remote Xorg). More details about these issues can be found in our advisory posting at http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 .
One of the extensions affected is DRI, for which the code is not in a shared libXdri, but copied into several locations, including Mesa's GLX library. This series of patches corrects these bugs in Mesa's copy. Alan Coopersmith (2): integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2] integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2] src/glx/XF86dri.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) -- 1.7.9.2 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
