Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Mesa
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Mesa
ID: USN-4271-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 19.10
Datum: Do, 6. Februar 2020, 17:45
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5068
Applikationen: Mesa

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1432318374745502754==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="kM44mCfVNki3EauG5grUh2f8zXrchu1Ce"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--kM44mCfVNki3EauG5grUh2f8zXrchu1Ce
Content-Type: multipart/mixed;
boundary="yzE23vtUIzkFnwnZogOjJpldpOcW2bzqX"

--yzE23vtUIzkFnwnZogOjJpldpOcW2bzqX
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4271-1
February 06, 2020

mesa vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:

Mesa could be made to expose sensitive information.

Software Description:
- mesa: free implementation of the EGL API

Details:

Tim Brown discovered that Mesa incorrectly handled shared memory
permissions. A local attacker could use this issue to obtain and possibly
alter sensitive information belonging to another user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libd3dadapter9-mesa 19.2.8-0ubuntu0~19.10.2
libegl-mesa0 19.2.8-0ubuntu0~19.10.2
libegl1-mesa 19.2.8-0ubuntu0~19.10.2
libgbm1 19.2.8-0ubuntu0~19.10.2
libgl1-mesa-dri 19.2.8-0ubuntu0~19.10.2
libgl1-mesa-glx 19.2.8-0ubuntu0~19.10.2
libglapi-mesa 19.2.8-0ubuntu0~19.10.2
libgles2-mesa 19.2.8-0ubuntu0~19.10.2
libglx-mesa0 19.2.8-0ubuntu0~19.10.2
libosmesa6 19.2.8-0ubuntu0~19.10.2
libwayland-egl1-mesa 19.2.8-0ubuntu0~19.10.2
libxatracker2 19.2.8-0ubuntu0~19.10.2
mesa-opencl-icd 19.2.8-0ubuntu0~19.10.2
mesa-va-drivers 19.2.8-0ubuntu0~19.10.2
mesa-vdpau-drivers 19.2.8-0ubuntu0~19.10.2
mesa-vulkan-drivers 19.2.8-0ubuntu0~19.10.2

Ubuntu 18.04 LTS:
libd3dadapter9-mesa 19.2.8-0ubuntu0~18.04.2
libegl-mesa0 19.2.8-0ubuntu0~18.04.2
libegl1-mesa 19.2.8-0ubuntu0~18.04.2
libgbm1 19.2.8-0ubuntu0~18.04.2
libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.2
libgl1-mesa-glx 19.2.8-0ubuntu0~18.04.2
libglapi-mesa 19.2.8-0ubuntu0~18.04.2
libgles2-mesa 19.2.8-0ubuntu0~18.04.2
libglx-mesa0 19.2.8-0ubuntu0~18.04.2
libosmesa6 19.2.8-0ubuntu0~18.04.2
libwayland-egl1-mesa 19.2.8-0ubuntu0~18.04.2
libxatracker2 19.2.8-0ubuntu0~18.04.2
mesa-opencl-icd 19.2.8-0ubuntu0~18.04.2
mesa-va-drivers 19.2.8-0ubuntu0~18.04.2
mesa-vdpau-drivers 19.2.8-0ubuntu0~18.04.2
mesa-vulkan-drivers 19.2.8-0ubuntu0~18.04.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4271-1
CVE-2019-5068

Package Information:
https://launchpad.net/ubuntu/+source/mesa/19.2.8-0ubuntu0~19.10.2
https://launchpad.net/ubuntu/+source/mesa/19.2.8-0ubuntu0~18.04.2


--yzE23vtUIzkFnwnZogOjJpldpOcW2bzqX--

--kM44mCfVNki3EauG5grUh2f8zXrchu1Ce
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl48JIMACgkQZWnYVadE
vpNhCw/+OWsVYMw/paJknDhuEGSNiXygTVmYTfF+rEvOfT8wKKv0bNtXAnaJdqLm
ky5wfy3ZTIOkYX8Xt5kbI6GVvuqOGNQQB2NHPJBXe+E82Dlfjbr5S+pvMcdtwI08
CbLvSjjWCEVwoI+z121y57wwg9JlcV7YNIDLtX12Nyiu4ZmK71P0Kokyubz6/alp
IbCWEyD/U8BDvwSKviP66U75mVZ9YY4/RS7ufWnf0nZFqtZG6bvtWkKAiHna4tpJ
fhFickD8cEcVbNF41ep8llZ11OzAIUS8rtSf8Q2+ZV5lyrDNFba+dlUHjiN8TcnR
9s8xxOCeZR0/NHgAewAh8b5PcJ84kN1uE2MhMkkdHGUo5r9Gmf1gWH+MNLPP4IBK
mOEP9cJLqnjWJdauVqenS0Yekk/E2KWmyY9blXTv3hXME+zqOcDd894RTR6qO04v
BPZokCVZ6nM0sLsT/KVwrUNfaDZEOVbpnrDq/0rQ64KKuA/DWbNxYbcGRG3mrdFp
Ged0JNiNn/JCvtHH84BMqtcKLycpbTg0ko9RFLipdw5q+XvLVUC/PkgoeNq2d2yS
6+sy4nh6VhHW9ulu8ESAzMW9Y/lI0iGHzni1m1vLILL8T75JPj52Dd9/nO+SSfzH
3n1jrcX5hjypfSB6lG5hJaQ6RdZuOGDjdNQY7W9mXB8Sbk3snBQ=
=do05
-----END PGP SIGNATURE-----

--kM44mCfVNki3EauG5grUh2f8zXrchu1Ce--


--===============1432318374745502754==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============1432318374745502754==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung