SB2013052802 - Input validation error in xf86-video-openchrome (Alpine package)
Published: May 28, 2013
Security Bulletin ID
SB2013052802
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-1994)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=6f1d75b5103ad276d531dfc86801f4c7c42b8123
- https://git.alpinelinux.org/aports/commit/?id=86ae9d4fc821eecd82aebdbe840d51e8f448872f
- https://git.alpinelinux.org/aports/commit/?id=a2ad5e004d816d9ebfcd2d1bf9a94933c022dfa5
- https://git.alpinelinux.org/aports/commit/?id=4646c3ebc570c2dab174eb6317a997a7e8b950b8