Your message dated Thu, 01 Oct 2015 09:37:03 +0000 with message-id <e1zhair-0004zq...@franck.debian.org> and subject line Bug#800568: fixed in nvidia-graphics-drivers-legacy-340xx 340.93-1 has caused the Debian Bug report #800568, regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 800568: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800568 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Version: 304.22-1 Severity: serious Tags: security https://nvidia.custhelp.com/app/answers/detail/a_id/3763 A vulnerability has been found in the NVIDIA driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written. Exploit Scope and Risk: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products. Branch 1st version including the fix R304 304.128 R340 340.93 R352 352.41 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers-legacy-340xx Source-Version: 340.93-1 We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers-legacy-340xx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 800...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers-legacy-340xx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 01 Oct 2015 09:57:19 +0200 Source: nvidia-graphics-drivers-legacy-340xx Binary: nvidia-legacy-340xx-driver nvidia-legacy-340xx-driver-bin xserver-xorg-video-nvidia-legacy-340xx libgl1-nvidia-legacy-340xx-glx libgl1-nvidia-legacy-340xx-glx-i386 libegl1-nvidia-legacy-340xx libgles1-nvidia-legacy-340xx libgles2-nvidia-legacy-340xx libnvidia-legacy-340xx-eglcore nvidia-legacy-340xx-alternative nvidia-legacy-340xx-kernel-dkms nvidia-legacy-340xx-kernel-source nvidia-legacy-340xx-vdpau-driver nvidia-legacy-340xx-smi libnvidia-legacy-340xx-cuda1 libnvidia-legacy-340xx-cuda1-i386 libnvidia-legacy-340xx-compiler libnvidia-legacy-340xx-nvcuvid1 libnvidia-legacy-340xx-encode1 libnvidia-legacy-340xx-ifr1 libnvidia-legacy-340xx-fbc1 libnvidia-legacy-340xx-ml1 nvidia-legacy-340xx-opencl-icd Architecture: source Version: 340.93-1 Distribution: unstable Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: libegl1-nvidia-legacy-340xx - NVIDIA binary EGL libraries${nvidia:LegacyDesc} libgl1-nvidia-legacy-340xx-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc} libgl1-nvidia-legacy-340xx-glx-i386 - NVIDIA binary OpenGL 32-bit libraries${nvidia:LegacyDesc} libgles1-nvidia-legacy-340xx - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc} libgles2-nvidia-legacy-340xx - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc} libnvidia-legacy-340xx-compiler - NVIDIA runtime compiler library libnvidia-legacy-340xx-cuda1 - NVIDIA CUDA Driver Library libnvidia-legacy-340xx-cuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc} libnvidia-legacy-340xx-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc} libnvidia-legacy-340xx-encode1 - NVENC Video Encoding runtime library libnvidia-legacy-340xx-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library libnvidia-legacy-340xx-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library libnvidia-legacy-340xx-ml1 - NVIDIA Management Library (NVML) runtime library libnvidia-legacy-340xx-nvcuvid1 - NVIDIA CUDA Video Decoder runtime library nvidia-legacy-340xx-alternative - allows the selection of NVIDIA as GLX provider nvidia-legacy-340xx-driver - NVIDIA metapackage${nvidia:LegacyDesc} nvidia-legacy-340xx-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc} nvidia-legacy-340xx-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc} nvidia-legacy-340xx-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc} nvidia-legacy-340xx-opencl-icd - NVIDIA OpenCL installable client driver (ICD) nvidia-legacy-340xx-smi - NVIDIA System Management Interface nvidia-legacy-340xx-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA driver xserver-xorg-video-nvidia-legacy-340xx - NVIDIA binary Xorg driver${nvidia:LegacyDesc} Closes: 798207 800568 Changes: nvidia-graphics-drivers-legacy-340xx (340.93-1) unstable; urgency=medium . * New upstream legacy 340xx branch release 340.93 (2015-09-02). * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer. (Closes: #800568) - Fixed a bug that caused the X server to crash if an OpenGL application tried to allocate a drawable when GPU-accessible memory is exhausted. - Fixed a bug that could cause an Xid error when terminating a video playback application using the overlay presentation queue in VDPAU. - Fixed a rare deadlock condition when running applications that use OpenGL in multiple threads on a Quadro GPU. - Fixed a bug which caused truncation of the EGLAttribEXT value returned by eglQueryDeviceAttribEXT() on 64-bit systems. - Fixed a kernel memory leak that occurred when looping hardware- accelerated video decoding with VDPAU on Maxwell-based GPUs. - Fixed a bug that caused the X server to crash if a RandR 1.4 output provided by a Sink Output provider was selected as the primary output on X.Org xserver 1.17 and higher. - Fixed a bug that caused waiting on X Sync Fence objects in OpenGL to hang indefinitely in some cases. - Fixed a bug that prevented OpenGL from properly recovering from hardware errors or sync object waits that had timed out. * Improved compatibility with recent Linux kernels. * Synchronize packaging with nvidia-graphics-drivers 340.93-3: - fixes-for-kernel-4.0.0.patch: Remove, fixed upstream. - Update lintian overrides. - nvidia-legacy-340xx-driver-bin, libnvidia-legacy-340xx-compiler, libnvidia-legacy-340xx-eglcore, libgl1-nvidia-legacy-340xx-glx: Add Provides+Conflicts: $pkg-${nvidia:Version} to forbid co-installation with the respective legacy packages from the same upstream version due to file conflicts on versioned files are not handled via alternatives. - bug-script: Report file information in arm-linux-gnueabihf directories. - bug-script: Collect information from /etc/modules{,-load.d/}. - nvidia-legacy-340xx-driver: Add Recommends: nvidia-persistenced. - nvidia-legacy-340xx-modprobe.conf: (Closes: #798207) + Don't use aliases for the renamed modules, only use install and remove commands. + Remodel the nvidia-uvm -> nvidia dependency via an install command. + Duplicate the module's built-in PCI-ID-match aliases to ensure they cause the virtual "nvidia" module to be loaded instead of a random one. * conftest.h: - Implement new conftest.sh function nvidia_grid_build (352.41). Checksums-Sha1: 97a4b584769ebe201924ca621ea1ca0d6df79e77 4859 nvidia-graphics-drivers-legacy-340xx_340.93-1.dsc 63fd1787d6ff9a6ed1307015eb050e33536d33bd 131893148 nvidia-graphics-drivers-legacy-340xx_340.93.orig.tar.gz 6bf323deeb9188f4350e9790b39ceffbe85f13c4 112932 nvidia-graphics-drivers-legacy-340xx_340.93-1.debian.tar.xz Checksums-Sha256: d8d8269b0e99dedd0d86136fb73d82adf6ae22ae613c9eeb7e734f8ba94d1251 4859 nvidia-graphics-drivers-legacy-340xx_340.93-1.dsc cb77bd1615d4ea0af9be7160a8c39b2a7b9c86e7fae16bc5f520bc6dcdb071e4 131893148 nvidia-graphics-drivers-legacy-340xx_340.93.orig.tar.gz b0f4a7526659db54ed2f1a03f0941217f425cc338dfc651b281b2b7384e415b6 112932 nvidia-graphics-drivers-legacy-340xx_340.93-1.debian.tar.xz Files: dcf3de18f03c5956be4fbf62b2adc218 4859 non-free/libs optional nvidia-graphics-drivers-legacy-340xx_340.93-1.dsc b03a156887bb865d2cfac8c1a4fbb9c8 131893148 non-free/libs optional nvidia-graphics-drivers-legacy-340xx_340.93.orig.tar.gz 22694f5ff48610377666133fbf775566 112932 non-free/libs optional nvidia-graphics-drivers-legacy-340xx_340.93-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWDOhjAAoJEF+zP5NZ6e0IgJ0P/RJ0hoERC+8TfvV9qZgAokSw KPz3derPwRjRJN2nQGaYLDu08xLpqtZIfhaQlndQaI4HFld9ekjr2k11DREvzHC/ hmFgY8udDZuekhifwFWrVh4hZkeuleM7HsGUL9V6K0QE5I9Qm9+1kuuEnDDrEe6V UkIhVTEwVVuWhnnD7fJPfWWHYGvkroGDr47jZoncmmrBatbtmRqmlCjwo6umd4Uv UzqxtLFay+EFGb9Mvo5wOmDzE6yOWyWjk1q6WCYtDw08hk/79uLpkuPbaSKunnY1 H4YLI+zer3YvmNofxBTsE3zNS/tEbiTJ7ITYehBbXgOAkADnYdkeChw/8/Qm3xZQ /GdrYnlJ1eEtcH/HVByjM2mwcDppTKjPnSlOUYVRPbYDeFMZD937KyJWIDbFxeWC tq4jAVHUTGtHy/rpX5XSCtyikA6bMTmVTar+Ou5AwhxesQlLpc/FcD29KPQQ8wyv JGQVfrVVryWOLO+pmPQ8Vb1cXEPhGEj8La3A2AplaYzLhPa2UfnvCPND4X2zFsSF Yt17I8YfO7quzMSjKXHcMm68KDAtIECQQR15Wi8UC2Z2EKPTo7xIwZsefd/evLfh Jb+Ty7qgaxa1PVlNKr08c0ljJTyuDpWmfn+aWGfcIGSyN+pKSwTu/s4EfLAF8w1Z 2NQyGyDKps51zYCO9zNx =hr6v -----END PGP SIGNATURE-----
--- End Message ---
