glsl/linker: array buffer overrun [CVE-2012-2864]

Bug #1046933 reported by Steve Beattie
Affects | Status | Importance | Assigned to | Milestone
mesa (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Mesa allows remote attackers to possibly execute arbitrary code due to a samplers array overflow in the glsl/linker.

References:
  http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html
  http://<email address hidden>/msg25207.html

Upstream commit:
  http://cgit.freedesktop.org/mesa/mesa/commit/src/glsl/link_uniforms.cpp?id=ff996cafce511dd8a6c4e066e409c23e147a670c

Steve Beattie (sbeattie) wrote:

Here is a debdiff to address the issue. Confirmed to build with no additional compilation warnings on amd64.

Steve Beattie (sbeattie) wrote:

Looks like Didier incorporated this patch into his mesa_9.0~git20120903.e1673d20.is.git20120821.c1114c61-0ubuntu1 upload, closing this bug.

Thanks!

Changed in mesa (Ubuntu):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.