Multiple integer overflows leading to heap-based buffer overflows were found in libGLX in Mesa 9.1.1 and earlier.
Affected functions: XF86DRIOpenConnection(), XF86DRIGetClientDriverName()
Public via: http://www.openwall.com/lists/oss-security/2013/05/23/3
This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
Via RHSA-2013:0898 https://rhn.redhat.com/errata/RHSA-2013-0898.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2013:0897 https://rhn.redhat.com/errata/RHSA-2013-0897.html
External References: http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
(In reply to errata-xmlrpc from comment #6)
> This issue has been addressed in following products:
>
>   Red Hat Enterprise Linux 6
>
> Via RHSA-2013:0897 https://rhn.redhat.com/errata/RHSA-2013-0897.html

patch seems to be causing glxinfo to crash in VirtualBox
http://www.virtualbox.org/ticket/12043
affects my CentOS 6.4 machine but since CentOS is a rebuild/clone it probably affects RHEL 6.4 as well
(In reply to thepouar from comment #8)
> (In reply to errata-xmlrpc from comment #6)
> > This issue has been addressed in following products:
> >
> >   Red Hat Enterprise Linux 6
> >
> > Via RHSA-2013:0897 https://rhn.redhat.com/errata/RHSA-2013-0897.html
>
> patch seems to be causing glxinfo to crash in VirtualBox
> http://www.virtualbox.org/ticket/12043
> affects my CentOS 6.4 machine but since CentOS is a rebuild/clone it
> probably affects RHEL 6.4 as well

Hi,

The above crash is non-security in nature and is already in the queue for the next minor release.
(In reply to Huzaifa S. Sidhpurwala from comment #9)
> (In reply to thepouar from comment #8)
> > (In reply to errata-xmlrpc from comment #6)
> > > This issue has been addressed in following products:
> > >
> > >   Red Hat Enterprise Linux 6
> > >
> > > Via RHSA-2013:0897 https://rhn.redhat.com/errata/RHSA-2013-0897.html
> >
> > patch seems to be causing glxinfo to crash in VirtualBox
> > http://www.virtualbox.org/ticket/12043
> > affects my CentOS 6.4 machine but since CentOS is a rebuild/clone it
> > probably affects RHEL 6.4 as well
>
> Hi,
>
> The above crash is non-security in nature and is already in the queue for
> the next minor release.

good point