===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0447
                       USN-4271-1: Mesa vulnerability
                              7 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mesa
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5068

Reference:         ESB-2020.0217
                   ESB-2020.0204
                   ESB-2020.0175
                   ESB-2019.4354

Original Bulletin:
   https://usn.ubuntu.com/4271-1/

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4271-1: Mesa vulnerability

6 February 2020

mesa vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 19.10
  o Ubuntu 18.04 LTS

Summary

Mesa could be made to expose sensitive information.

Software Description

  o mesa - free implementation of the EGL API

Details

Tim Brown discovered that Mesa incorrectly handled shared memory
permissions. A local attacker could use this issue to obtain and possibly
alter sensitive information belonging to another user.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10
    libd3dadapter9-mesa - 19.2.8-0ubuntu0~19.10.2
    libegl-mesa0 - 19.2.8-0ubuntu0~19.10.2
    libegl1-mesa - 19.2.8-0ubuntu0~19.10.2
    libgbm1 - 19.2.8-0ubuntu0~19.10.2
    libgl1-mesa-dri - 19.2.8-0ubuntu0~19.10.2
    libgl1-mesa-glx - 19.2.8-0ubuntu0~19.10.2
    libglapi-mesa - 19.2.8-0ubuntu0~19.10.2
    libgles2-mesa - 19.2.8-0ubuntu0~19.10.2
    libglx-mesa0 - 19.2.8-0ubuntu0~19.10.2
    libosmesa6 - 19.2.8-0ubuntu0~19.10.2
    libwayland-egl1-mesa - 19.2.8-0ubuntu0~19.10.2
    libxatracker2 - 19.2.8-0ubuntu0~19.10.2
    mesa-opencl-icd - 19.2.8-0ubuntu0~19.10.2
    mesa-va-drivers - 19.2.8-0ubuntu0~19.10.2
    mesa-vdpau-drivers - 19.2.8-0ubuntu0~19.10.2
    mesa-vulkan-drivers - 19.2.8-0ubuntu0~19.10.2

Ubuntu 18.04 LTS
    libd3dadapter9-mesa - 19.2.8-0ubuntu0~18.04.2
    libegl-mesa0 - 19.2.8-0ubuntu0~18.04.2
    libegl1-mesa - 19.2.8-0ubuntu0~18.04.2
    libgbm1 - 19.2.8-0ubuntu0~18.04.2
    libgl1-mesa-dri - 19.2.8-0ubuntu0~18.04.2
    libgl1-mesa-glx - 19.2.8-0ubuntu0~18.04.2
    libglapi-mesa - 19.2.8-0ubuntu0~18.04.2
    libgles2-mesa - 19.2.8-0ubuntu0~18.04.2
    libglx-mesa0 - 19.2.8-0ubuntu0~18.04.2
    libosmesa6 - 19.2.8-0ubuntu0~18.04.2
    libwayland-egl1-mesa - 19.2.8-0ubuntu0~18.04.2
    libxatracker2 - 19.2.8-0ubuntu0~18.04.2
    mesa-opencl-icd - 19.2.8-0ubuntu0~18.04.2
    mesa-va-drivers - 19.2.8-0ubuntu0~18.04.2
    mesa-vdpau-drivers - 19.2.8-0ubuntu0~18.04.2
    mesa-vulkan-drivers - 19.2.8-0ubuntu0~18.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all
the necessary changes.

References

  o CVE-2019-5068

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins
you should contact your local IT manager. If you do not know who that is,
please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
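
A check for the fixed versions listed under "Update instructions", as an added example that is not part of the bulletin or of Ubuntu's tooling: it reads `dpkg-query -W -f='${Package} ${Version}\n'` output and reports the listed Mesa packages that are still older than the fixed version for the release, using an inline implementation of Debian version ordering. The function names and the sample input are constructed for illustration.

```python
# Added example (not from the bulletin); function names are illustrative.
FIXED = {"19.10": "19.2.8-0ubuntu0~19.10.2", "18.04": "19.2.8-0ubuntu0~18.04.2"}
PACKAGES = set("""libd3dadapter9-mesa libegl-mesa0 libegl1-mesa libgbm1
    libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libgles2-mesa libglx-mesa0
    libosmesa6 libwayland-egl1-mesa libxatracker2 mesa-opencl-icd mesa-va-drivers
    mesa-vdpau-drivers mesa-vulkan-drivers""".split())

def _order(c):
    # Debian ordering: '~' sorts before end-of-part, letters before other symbols.
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ca = a[i] if i < len(a) and not a[i].isdigit() else ""
            cb = b[j] if j < len(b) and not b[j].isdigit() else ""
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
            i, j = i + 1, j + 1
        # Digit runs are compared numerically; an empty run counts as 0.
        si, sj = i, j
        while i < len(a) and a[i].isdigit(): i += 1
        while j < len(b) and b[j].isdigit(): j += 1
        if int(a[si:i] or 0) != int(b[sj:j] or 0):
            return int(a[si:i] or 0) - int(b[sj:j] or 0)
    return 0

def _split(v):
    epoch, sep, rest = v.partition(":")
    epoch, rest = (int(epoch), rest) if sep else (0, v)
    return (epoch, *rest.rsplit("-", 1)) if "-" in rest else (epoch, rest, "")

def deb_compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_output, release):
    """Return {package: installed_version} for listed packages below the fix."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2 and r[0] in PACKAGES
            and deb_compare(r[1], FIXED[release]) < 0}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = """libgbm1 19.2.8-0ubuntu0~18.04.2
libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.1
libegl-mesa0 19.0.8-0ubuntu0~18.04.3
bash 4.4.18-2ubuntu1.2"""
print(unpatched(SAMPLE, "18.04"))  # packages still below the 18.04 fix
```

On a live host, `dpkg --compare-versions` performs the same ordering natively and remains the authoritative comparison.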