6.8 - RHSA-2013:0897

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	mesa security update

Informations
Name	RHSA-2013:0897	First vendor Publication	2013-06-03
Vendor	RedHat	Last vendor Modification	2013-06-03
Severity (Vendor)	Important	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips.

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872)

It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993)

All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

923584 - CVE-2013-1872 Mesa: Memory corruption (OOB read/write) on intel drivers 961613 - CVE-2013-1993 Mesa: Multiple integer overflows leading to heap-based bufer overflows

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-0897.html

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16898

Oval ID:	oval:org.mitre.oval:def:16898
Title:	USN-1888-1 -- Mesa vulnerabilities
Description:	Mesa could be made to crash or run programs as your login if it received specially crafted input.
Family:	unix	Class:	patch
Reference(s):	USN-1888-1 CVE-2013-1872 CVE-2013-1993	Version:	7
Platform(s):	Ubuntu 13.04 Ubuntu 12.04 Ubuntu 12.10	Product(s):
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND Installed architecture is all AND Packages section libgl1-mesa-dri DPKG is earlier than 9.0.3-0ubuntu0.2 AND libgl1-mesa-glx DPKG is earlier than 9.0.3-0ubuntu0.2 AND libosmesa6 DPKG is earlier than 9.0.3-0ubuntu0.2 AND libglapi-mesa DPKG is earlier than 9.0.3-0ubuntu0.2 AND libopenvg1-mesa DPKG is earlier than 9.0.3-0ubuntu0.2 AND libgles2-mesa DPKG is earlier than 9.0.3-0ubuntu0.2 AND libegl1-mesa DPKG is earlier than 9.0.3-0ubuntu0.2 AND libxatracker1 DPKG is earlier than 9.0.3-0ubuntu0.2 AND libgles1-mesa DPKG is earlier than 9.0.3-0ubuntu0.2 AND libgbm1 DPKG is earlier than 9.0.3-0ubuntu0.2 OR Release section Ubuntu 12.04 is installed AND Installed architecture is all AND Packages section libxatracker1-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libgl1-mesa-dri DPKG is earlier than 8.0.4-0ubuntu0.6 AND libglu1-mesa DPKG is earlier than 8.0.4-0ubuntu0.6 AND libopenvg1-mesa-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libgl1-mesa-glx DPKG is earlier than 8.0.4-0ubuntu0.6 AND libgles2-mesa-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libosmesa6 DPKG is earlier than 8.0.4-0ubuntu0.6 AND libgl1-mesa-swx11 DPKG is earlier than 8.0.4-0ubuntu0.6 AND libglapi-mesa DPKG is earlier than 8.0.4-0ubuntu0.6 AND libopenvg1-mesa DPKG is earlier than 8.0.4-0ubuntu0.6 AND libgl1-mesa-dri-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libglapi-mesa-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libgles1-mesa-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libgl1-mesa-glx-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libgbm1-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libegl1-mesa DPKG is earlier than 8.0.4-0ubuntu0.6 AND libgles2-mesa DPKG is earlier than 8.0.4-0ubuntu0.6 AND libegl1-mesa-lts-quantal DPKG is earlier than 9.0.3-0ubuntu0.1~precise3 AND libxatracker1 DPKG is earlier than 8.0.4-0ubuntu0.6 AND libgles1-mesa DPKG is earlier than 8.0.4-0ubuntu0.6 AND libgbm1 DPKG is earlier than 8.0.4-0ubuntu0.6 OR Release section Ubuntu 13.04 is installed AND Installed architecture is all AND Packages section libgl1-mesa-dri DPKG is earlier than 9.1.3-0ubuntu0.3 AND libgl1-mesa-glx DPKG is earlier than 9.1.3-0ubuntu0.3 AND libosmesa6 DPKG is earlier than 9.1.3-0ubuntu0.3 AND libglapi-mesa DPKG is earlier than 9.1.3-0ubuntu0.3 AND libopenvg1-mesa DPKG is earlier than 9.1.3-0ubuntu0.3 AND libgles2-mesa DPKG is earlier than 9.1.3-0ubuntu0.3 AND libegl1-mesa DPKG is earlier than 9.1.3-0ubuntu0.3 AND libxatracker1 DPKG is earlier than 9.1.3-0ubuntu0.3 AND libgles1-mesa DPKG is earlier than 9.1.3-0ubuntu0.3 AND libgbm1 DPKG is earlier than 9.1.3-0ubuntu0.3

Definition Id: oval:org.mitre.oval:def:19978

Oval ID:	oval:org.mitre.oval:def:19978
Title:	DSA-2678-1 mesa - several
Description:	Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2678-1 CVE-2013-1993	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	mesa
Definition Synopsis:
Release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND mesa DPKG is earlier than 0:7.7.1-6 AND Release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND mesa DPKG is earlier than 0:8.0.5-4+deb7u1

Definition Id: oval:org.mitre.oval:def:20134

Oval ID:	oval:org.mitre.oval:def:20134
Title:	DSA-2704-1 mesa - out of bounds access
Description:	It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets.
Family:	unix	Class:	patch
Reference(s):	DSA-2704-1 CVE-2013-1872	Version:	5
Platform(s):	Debian GNU/Linux 7 Debian GNU/kFreeBSD 7	Product(s):	mesa
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND mesa DPKG is earlier than 0:8.0.5-4+deb7u2

Definition Id: oval:org.mitre.oval:def:20750

Oval ID:	oval:org.mitre.oval:def:20750
Title:	RHSA-2013:0898: mesa security update (Moderate)
Description:	Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0898-00 CESA-2013:0898 CVE-2013-1993	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	mesa
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section mesa-libGLw is earlier than 0:6.5.1-7.11.el5_9 AND glx-utils is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLU is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGL-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLU-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-source is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLw-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libOSMesa is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGL is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libOSMesa-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa is earlier than 0:6.5.1-7.11.el5_9

Definition Id: oval:org.mitre.oval:def:21213

Oval ID:	oval:org.mitre.oval:def:21213
Title:	RHSA-2013:0897: mesa security update (Important)
Description:	Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0897-01 CESA-2013:0897 CVE-2013-1872 CVE-2013-1993	Version:	31
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	mesa
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section mesa-libGL-devel is earlier than 0:9.0-0.8.el6_4.3 AND glx-utils is earlier than 0:9.0-0.8.el6_4.3 AND mesa-dri-drivers is earlier than 0:9.0-0.8.el6_4.3 AND mesa is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGLU is earlier than 0:9.0-0.8.el6_4.3 AND mesa-dri-filesystem is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGL is earlier than 0:9.0-0.8.el6_4.3 AND mesa-demos is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGLU-devel is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libOSMesa-devel is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libOSMesa is earlier than 0:9.0-0.8.el6_4.3

Definition Id: oval:org.mitre.oval:def:23525

Oval ID:	oval:org.mitre.oval:def:23525
Title:	ELSA-2013:0898: mesa security update (Moderate)
Description:	Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0898-00 CVE-2013-1993	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	mesa
Definition Synopsis:
Oracle Linux 5.x rpm test mesa-libGLw is earlier than 0:6.5.1-7.11.el5_9 AND glx-utils is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLU is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGL-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLU-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-source is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLw-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libOSMesa is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGL is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libOSMesa-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa is earlier than 0:6.5.1-7.11.el5_9

Definition Id: oval:org.mitre.oval:def:23674

Oval ID:	oval:org.mitre.oval:def:23674
Title:	ELSA-2013:0897: mesa security update (Important)
Description:	Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0897-01 CVE-2013-1872 CVE-2013-1993	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	mesa
Definition Synopsis:
Oracle Linux 6.x rpm test mesa-libGL-devel is earlier than 0:9.0-0.8.el6_4.3 AND glx-utils is earlier than 0:9.0-0.8.el6_4.3 AND mesa-dri-drivers is earlier than 0:9.0-0.8.el6_4.3 AND mesa is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGLU is earlier than 0:9.0-0.8.el6_4.3 AND mesa-dri-filesystem is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGL is earlier than 0:9.0-0.8.el6_4.3 AND mesa-demos is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGLU-devel is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libOSMesa-devel is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libOSMesa is earlier than 0:9.0-0.8.el6_4.3

Definition Id: oval:org.mitre.oval:def:25613

Oval ID:	oval:org.mitre.oval:def:25613
Title:	SUSE-SU-2013:1098-2 -- Security update for Mesa
Description:	This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1098-2 CVE-2013-1993	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10	Product(s):	Mesa
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed Packages match section Mesa RPM is earlier than 0:6.4.2-19.20.2 AND Mesa-devel RPM is earlier than 0:6.4.2-19.20.2 AND Mesa-32bit RPM is earlier than 0:6.4.2-19.20.2 AND Mesa-devel-32bit RPM is earlier than 0:6.4.2-19.20.2

Definition Id: oval:org.mitre.oval:def:25825

Oval ID:	oval:org.mitre.oval:def:25825
Title:	SUSE-SU-2014:0906-1 -- Security update for Mesa
Description:	This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of Mesa, fixing security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0906-1 CVE-2013-1993	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Mesa
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section Mesa RPM is earlier than 0:7.7-5.12.38 AND Mesa-32bit RPM is earlier than 0:7.7-5.12.38

Definition Id: oval:org.mitre.oval:def:25982

Oval ID:	oval:org.mitre.oval:def:25982
Title:	SUSE-SU-2013:1175-1 -- Security update for Mesa
Description:	A memory corruption in the Mesa Intel drivers (OOB read/write) has been fixed. (CVE-2013-1872) This could have been potentially exploited by remote attackers who would have been able to inject 3d graphics into the attacked desktop. Security Issue reference: * CVE-2013-1872 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1872 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1175-1 CVE-2013-1872	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Mesa
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section Mesa RPM is earlier than 0:9.0.3-0.19.1 AND Mesa-32bit RPM is earlier than 0:9.0.3-0.19.1

Definition Id: oval:org.mitre.oval:def:26027

Oval ID:	oval:org.mitre.oval:def:26027
Title:	SUSE-SU-2013:1098-1 -- Security update for Mesa
Description:	This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1098-1 CVE-2013-1993	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Mesa
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section Mesa RPM is earlier than 0:7.11.2-0.9.1 AND Mesa-32bit RPM is earlier than 0:7.11.2-0.9.1

Definition Id: oval:org.mitre.oval:def:27390

Oval ID:	oval:org.mitre.oval:def:27390
Title:	DEPRECATED: ELSA-2013-0898 -- mesa security update (moderate)
Description:	[6.5.1-7.11] - CVE-2013-1993 - buffer overflows in DRI protocol (#963066)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0898 CVE-2013-1993	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	mesa
Definition Synopsis:
Oracle Linux 5.x Packages match section mesa is earlier than 0:6.5.1-7.11.el5_9 AND glx-utils is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGL is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGL-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLU is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLU-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLw is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libGLw-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libOSMesa is earlier than 0:6.5.1-7.11.el5_9 AND mesa-libOSMesa-devel is earlier than 0:6.5.1-7.11.el5_9 AND mesa-source is earlier than 0:6.5.1-7.11.el5_9

Definition Id: oval:org.mitre.oval:def:27564

Oval ID:	oval:org.mitre.oval:def:27564
Title:	DEPRECATED: ELSA-2013-0897 -- mesa security update (important)
Description:	[9.0-0.8.3] - CVE-2013-1872: Updated patch with testing from upstream (#963063) [9.0-0.8.2] - CVE-2013-1872: Updated patch from upstream (#963063) [9.0-0.8.1] - CVE-2013-1872: Updated patch (#963063) [9.0-0.8] - CVE-2013-1872: memory corruption oob read/write on intel (#963063) - CVE-2013-1993: interger overflows in protocol handling (#961613)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0897 CVE-2013-1872 CVE-2013-1993	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	mesa
Definition Synopsis:
Oracle Linux 6.x Packages match section mesa is earlier than 0:9.0-0.8.el6_4.3 AND glx-utils is earlier than 0:9.0-0.8.el6_4.3 AND mesa-demos is earlier than 0:9.0-0.8.el6_4.3 AND mesa-dri-drivers is earlier than 0:9.0-0.8.el6_4.3 AND mesa-dri-filesystem is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGL is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGL-devel is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGLU is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libGLU-devel is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libOSMesa is earlier than 0:9.0-0.8.el6_4.3 AND mesa-libOSMesa-devel is earlier than 0:9.0-0.8.el6_4.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	mesa3d Mesa cpe:2.3:a:mesa3d:mesa:9.1:::::::* cpe:2.3:a:mesa3d:mesa:9.0.3:::::::* cpe:2.3:a:mesa3d:mesa:9.0.2:::::::* cpe:2.3:a:mesa3d:mesa:9.0.1:::::::* cpe:2.3:a:mesa3d:mesa:9.0:::::::* cpe:2.3:a:mesa3d:mesa:8.0.5:::::::* cpe:2.3:a:mesa3d:mesa:8.0.4:::::::* cpe:2.3:a:mesa3d:mesa:8.0.3:::::::* cpe:2.3:a:mesa3d:mesa:8.0.2:::::::* cpe:2.3:a:mesa3d:mesa:8.0.1:::::::* cpe:2.3:a:mesa3d:mesa:8.0:::::::*	11
Application	X Libglx cpe:2.3:a:x:libglx:-:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*	3
Os	Opensuse cpe:2.3:o:opensuse:opensuse:12.3:::::::* cpe:2.3:o:opensuse:opensuse:12.2:::::::*	2
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-06-06	IAVM : 2013-B-0061 - Multiple Vulnerabilities in Red Hat Enterprise Linux Version 6 Products Severity : Category I - VMSKEY : V0038873

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_xorg_20130924.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-577.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-366.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-07.nasl - Type : ACT_GATHER_INFO
2014-04-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201404-06.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-198.nasl - Type : ACT_GATHER_INFO
2013-07-18	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_Mesa-130704.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0897.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0898.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_Mesa-130531.nasl - Type : ACT_GATHER_INFO
2013-06-28	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-182.nasl - Type : ACT_GATHER_INFO
2013-06-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1888-1.nasl - Type : ACT_GATHER_INFO
2013-06-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2704.nasl - Type : ACT_GATHER_INFO
2013-06-05	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2eebebffcd3b11e28f09001b38c3836c.nasl - Type : ACT_GATHER_INFO
2013-06-04	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0897.nasl - Type : ACT_GATHER_INFO
2013-06-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130603_mesa_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-06-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130603_mesa_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-06-04	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0898.nasl - Type : ACT_GATHER_INFO
2013-06-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0898.nasl - Type : ACT_GATHER_INFO
2013-06-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0897.nasl - Type : ACT_GATHER_INFO
2013-05-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2678.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:57:16	Multiple Updates
2013-11-11 12:41:37	Multiple Updates
2013-08-20 17:26:38	Multiple Updates
2013-06-17 21:21:28	Multiple Updates
2013-06-16 00:21:27	Multiple Updates
2013-06-03 21:21:46	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	13
CPE ID(s)	18
IAVM(s)	1
Nessus® Exploit(s)	21

	Related
6.8	CVE-2013-1993
6.8	CVE-2013-1872
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)