Test ID:	1.3.6.1.4.1.25623.1.0.891993
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-1993-1)
Summary:	The remote host is missing an update for the Debian 'mesa' package(s) announced via the DLA-1993-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'mesa' package(s) announced via the DLA-1993-1 advisory. Vulnerability Insight: Tim Brown discovered a shared memory permissions vulnerability in the Mesa 3D graphics library. Some Mesa X11 drivers use shared-memory XImages to implement back buffers for improved performance, but Mesa creates shared memory regions with permission mode 0777. An attacker can access the shared memory without any specific permissions. For Debian 8 Jessie, this problem has been fixed in version 10.3.2-1+deb8u2. We recommend that you upgrade your mesa packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'mesa' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-5068 https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html SuSE Security Announcement: openSUSE-SU-2020:0084 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html https://usn.ubuntu.com/4271-1/
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.