Package: nvidia-glx Version: 1.0.7174-3 Severity: critical Tags: security Justification: root security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - From <http://www.rapid7.com/advisories/R7-0025.jsp>: The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). - -- Package-specific info: uname -r: Linux xerces 2.6.17-2-k7 #1 SMP Wed Sep 13 17:18:46 UTC 2006 i686 GNU/Linux /proc/version: Linux version 2.6.17-2-k7 (Debian 2.6.17-9) ([EMAIL PROTECTED]) (gcc version 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)) #1 SMP Wed Sep 13 17:18:46 UTC 2006 /proc/driver/nvidia/version: 01:00.0 VGA compatible controller: nVidia Corporation NV40 [GeForce 6800] (rev a1) - -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-k7 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages nvidia-glx depends on: ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries ii libx11-6 2:1.0.0-9 X11 client-side library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii nvidia-kernel-2.6.17 1.0.8774-4+2.6.17-9 NVIDIA binary kernel module for Li ii x11-common 1:7.0.22 X Window System (X.Org) infrastruc nvidia-glx recommends no packages. - -- debconf information: * nvidia-glx/tlsyes: true nvidia-glx/tlsno: false -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFM/bCshl/216gEHgRAon5AKDMqCOf6pFVpUtkwi+ss4GZPDstpgCg2p+C vYwVS1avHwJMbgYo8clqu70= =Q7Zg -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
