Oracle Solaris Third-Party Patch Update : libdrm (cve_2013_0913_numeric_errors)

high Nessus Plugin ID 80667

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. (CVE-2013-0913)

Solution

Upgrade to Solaris 11.2.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?e59c0930

Plugin Details

Severity: High

ID: 80667

File Name: solaris11_libdrm_20140731.nasl

Version: 1.3

Type: local

Published: 1/19/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.2, p-cpe:/a:oracle:solaris:libdrm

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 7/31/2014

Reference Information

CVE: CVE-2013-0913