Source: nvidia-graphics-drivers Severity: critical Tags: security This is the NVIDIA-specific part of DSA-3095-1 xorg-server -- security update
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8298 The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Lixux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request. http://lists.x.org/archives/xorg-announce/2014-December/002500.html http://nvidia.custhelp.com/app/answers/detail/a_id/3610 Release series fixed in version -------------- ---------------- Releases prior to 304 Has reached 'end of life' and no longer supported. 304.* 304.125 available as of 12/9 319.* no longer supported 331.* 331.113 available as of 12/9 340.* 340.65 available as of 12/9 343.* 343.36 available as of 12/9 346.* 346.22 Beta available as of 12/9 All NVIDIA drivers (in non-free) are affected: not fixable (no new upstream release will be provided): nvidia-graphics-drivers-legacy-96xx | 96.43.18-2 | squeeze/non-free | source nvidia-graphics-drivers-legacy-96xx | 96.43.23-3 | wheezy/non-free | source nvidia-graphics-drivers-legacy-96xx | 96.43.23-7~bpo70+1 | wheezy-backports/non-free | source nvidia-graphics-drivers-legacy-173xx | 173.14.27-2 | squeeze/non-free | source nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 | squeeze-backports/non-free | source nvidia-graphics-drivers-legacy-173xx | 173.14.35-4 | wheezy/non-free | source nvidia-graphics-drivers-legacy-173xx | 173.14.39-2~bpo70+1 | wheezy-backports/non-free | source nvidia-graphics-drivers | 195.36.31-6squeeze2 | squeeze/non-free | source nvidia-graphics-drivers | 295.59-1~bpo60+2 | squeeze-backports/non-free | source uploads planned (new upstream release required): nvidia-graphics-drivers | 304.117-1 | wheezy/non-free | source nvidia-graphics-drivers-legacy-304xx | 304.123-4~bpo70+1 | wheezy-backports/non-free | source nvidia-graphics-drivers-legacy-304xx | 304.123-4 | jessie/non-free | source nvidia-graphics-drivers-legacy-304xx | 304.123-4 | sid/non-free | source nvidia-graphics-drivers | 319.82-1~bpo70+2 | wheezy-backports/non-free | source nvidia-graphics-drivers | 340.46-6 | jessie/non-free | source nvidia-graphics-drivers | 340.58-1 | sid/non-free | source nvidia-graphics-drivers | 343.22-2 | experimental/non-free | source I expect wheezy (only nvidia-graphics-drivers can be fixed there) shall be fixed via wheezy-proposed-updates, no DSA, as in the previous ones? Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
