Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1265201 - (CVE-2015-7178, CVE-2015-7179) CVE-2015-7178 CVE-2015-7179 Mozilla: Memory safety errors in libGLES in the ANGLE graphics library (MFSA 2015-113)
CVE-2015-7178 CVE-2015-7179 Mozilla: Memory safety errors in libGLES in the A...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,public=20150922,repor...
: Security
Depends On:
Blocks: 1261782
  Show dependency treegraph
 
Reported: 2015-09-22 07:16 EDT by Prasad J Pandit
Modified: 2015-09-24 08:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-22 07:56:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Prasad J Pandit 2015-09-22 07:16:53 EDT 
Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writing to unowned memory. The second issue also affects shaders when insufficient memory is allocated for a shader attribute array, leading to a buffer overflow. Both of these issues can lead to a potentially exploitable crash.

Note: These issues are specific to Windows and does not affect Linux or OS X
systems.

External References:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
Comment 1 Martin Prpič 2015-09-24 08:40:28 EDT 
Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ronald Crane as the original reporter.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.