CVE-2019-5068

NameCVE-2019-5068
DescriptionAn exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1993-1
NVD severitylow
Debian Bugs944298

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mesa (PTS)jessie10.3.2-1+deb8u1vulnerable
jessie (security)10.3.2-1+deb8u2fixed
stretch13.0.6-1vulnerable
buster18.3.6-2+deb10u1fixed
bullseye19.3.3-1fixed
sid20.0.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mesasource(unstable)19.2.6-1low944298
mesasourcebuster18.3.6-2+deb10u1
mesasourcejessie10.3.2-1+deb8u2DLA-1993-1

Notes

[stretch] - mesa <no-dsa> (Minor issue)
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc

Search for package or bug name: Reporting problems