Multiple integer overflows leading to heap-based buffer overflows were found in the openchrome, an X.Org X11 openchrome video driver. Affected functions: uniDRIOpenConnection(), uniDRIGetClientDriverName()
Public via: http://www.openwall.com/lists/oss-security/2013/05/23/3
Created xorg-x11-drv-openchrome tracking bugs for this issue Affects: fedora-all [bug 966821]
xorg-x11-drv-openchrome-0.3.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-drv-openchrome-0.3.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-drv-openchrome-0.3.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue affects the version of xorg-x11-drv-openchrome as shipped with Red Hat Enterprise Linux 6.
Statement: (none)
External References: http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHBA-2014:1376 https://rhn.redhat.com/errata/RHBA-2014-1376.html