Test Kennung:	1.3.6.1.4.1.25623.1.0.120306
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2013-198)
Zusammenfassung:	The remote host is missing an update for the 'mesa' package(s) announced via the ALAS-2013-198 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mesa' package(s) announced via the ALAS-2013-198 advisory. Vulnerability Insight: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) Affected Software/OS: 'mesa' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1872 60285 http://www.securityfocus.com/bid/60285 DSA-2704 http://www.debian.org/security/2013/dsa-2704 RHSA-2013:0897 http://rhn.redhat.com/errata/RHSA-2013-0897.html SUSE-SU-2013:1175 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html USN-1888-1 http://www.ubuntu.com/usn/USN-1888-1 http://advisories.mageia.org/MGASA-2013-0190.html https://bugs.freedesktop.org/show_bug.cgi?id=59429 https://bugzilla.redhat.com/show_bug.cgi?id=923584 openSUSE-SU-2013:1188 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1993 DSA-2678 http://www.debian.org/security/2013/dsa-2678 MDVSA-2013:181 http://www.mandriva.com/security/advisories?name=MDVSA-2013:181 RHSA-2013:0898 http://rhn.redhat.com/errata/RHSA-2013-0898.html [Mesa-dev] 20130523 [PATCH:mesa 1/2] integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2] http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html [Mesa-dev] 20130523 [PATCH:mesa 2/2] integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2] http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 openSUSE-SU-2013:0865 http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.