Bug#393573: marked as done (nvidia-glx: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux leads to arbitrary code execution)

Debian Bug Tracking System Fri, 20 Oct 2006 03:14:10 -0700

Your message dated Thu, 19 Oct 2006 23:32:09 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#393573: fixed in nvidia-graphics-drivers 1.0.8776-1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: nvidia-glx
Version: 1.0.7174-3
Severity: critical
Tags: security
Justification: root security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From <http://www.rapid7.com/advisories/R7-0025.jsp>:

   The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
   buffer overflow that allows an attacker to run arbitrary code as
   root. This bug can be exploited both locally or remotely (via
   a remote X client or an X client which visits a malicious web page).

- -- Package-specific info:
uname -r:
Linux xerces 2.6.17-2-k7 #1 SMP Wed Sep 13 17:18:46 UTC 2006 i686 GNU/Linux


/proc/version:
Linux version 2.6.17-2-k7 (Debian 2.6.17-9) ([EMAIL PROTECTED]) (gcc version 
4.1.2 20060901 (prerelease) (Debian 4.1.1-13)) #1 SMP Wed Sep 13 17:18:46 UTC 
2006


/proc/driver/nvidia/version:


01:00.0 VGA compatible controller: nVidia Corporation NV40 [GeForce 6800] (rev 
a1)


- -- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages nvidia-glx depends on:
ii  libc6                2.3.6.ds1-4         GNU C Library: Shared libraries
ii  libx11-6             2:1.0.0-9           X11 client-side library
ii  libxext6             1:1.0.1-2           X11 miscellaneous extension librar
ii  nvidia-kernel-2.6.17 1.0.8774-4+2.6.17-9 NVIDIA binary kernel module for Li
ii  x11-common           1:7.0.22            X Window System (X.Org) infrastruc

nvidia-glx recommends no packages.

- -- debconf information:
* nvidia-glx/tlsyes: true
  nvidia-glx/tlsno: false

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFM/bCshl/216gEHgRAon5AKDMqCOf6pFVpUtkwi+ss4GZPDstpgCg2p+C
vYwVS1avHwJMbgYo8clqu70=
=Q7Zg
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers
Source-Version: 1.0.8776-1

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive:

nvidia-glx-dev_1.0.8776-1_amd64.deb
  to pool/non-free/n/nvidia-graphics-drivers/nvidia-glx-dev_1.0.8776-1_amd64.deb
nvidia-glx-dev_1.0.8776-1_i386.deb
  to pool/non-free/n/nvidia-graphics-drivers/nvidia-glx-dev_1.0.8776-1_i386.deb
nvidia-glx-ia32_1.0.8776-1_amd64.deb
  to 
pool/non-free/n/nvidia-graphics-drivers/nvidia-glx-ia32_1.0.8776-1_amd64.deb
nvidia-glx_1.0.8776-1_amd64.deb
  to pool/non-free/n/nvidia-graphics-drivers/nvidia-glx_1.0.8776-1_amd64.deb
nvidia-glx_1.0.8776-1_i386.deb
  to pool/non-free/n/nvidia-graphics-drivers/nvidia-glx_1.0.8776-1_i386.deb
nvidia-graphics-drivers_1.0.8776-1.diff.gz
  to 
pool/non-free/n/nvidia-graphics-drivers/nvidia-graphics-drivers_1.0.8776-1.diff.gz
nvidia-graphics-drivers_1.0.8776-1.dsc
  to 
pool/non-free/n/nvidia-graphics-drivers/nvidia-graphics-drivers_1.0.8776-1.dsc
nvidia-graphics-drivers_1.0.8776.orig.tar.gz
  to 
pool/non-free/n/nvidia-graphics-drivers/nvidia-graphics-drivers_1.0.8776.orig.tar.gz
nvidia-kernel-source_1.0.8776-1_amd64.deb
  to 
pool/non-free/n/nvidia-graphics-drivers/nvidia-kernel-source_1.0.8776-1_amd64.deb
nvidia-kernel-source_1.0.8776-1_i386.deb
  to 
pool/non-free/n/nvidia-graphics-drivers/nvidia-kernel-source_1.0.8776-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Randall Donald <[EMAIL PROTECTED]> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 19 Oct 2006 18:26:24 -0700
Source: nvidia-graphics-drivers
Binary: nvidia-glx nvidia-glx-ia32 nvidia-kernel-source nvidia-glx-dev
Architecture: source amd64 i386
Version: 1.0.8776-1
Distribution: unstable
Urgency: medium
Maintainer: Randall Donald <[EMAIL PROTECTED]>
Changed-By: Randall Donald <[EMAIL PROTECTED]>
Description: 
 nvidia-glx-ia32 - NVIDIA binary XFree86 4.x driver
 nvidia-glx - NVIDIA binary XFree86 4.x driver
 nvidia-glx-dev - NVIDIA binary XFree86 4.x / Xorg driver development files
 nvidia-kernel-source - NVIDIA binary kernel module source
Closes: 393573
Changes: 
 nvidia-graphics-drivers (1.0.8776-1) unstable; urgency=medium
 .
   * New upstream.
   * Includes upstream hotfix for Rapid7 Advisory R7-0025 Buffer Overflow
     (closes: #393573)
   * urgency=medium for RC bug fix
Files: 
 6598c633a95e29d98178345e68308e53 2576630 non-free/x11 optional 
nvidia-glx-ia32_1.0.8776-1_amd64.deb
 d6f21ae060c696b958d19029ca97a8be 3910546 non-free/x11 optional 
nvidia-glx_1.0.8776-1_amd64.deb
 2509414e7e555ee0b2c8f248954ad109 151074 non-free/x11 optional 
nvidia-glx-dev_1.0.8776-1_amd64.deb
 7e61f91d719f20fab707d65040c7e198 1867786 non-free/x11 optional 
nvidia-kernel-source_1.0.8776-1_amd64.deb
 15f228bc338fd4e81cd9314dd1d59973 702 non-free/x11 optional 
nvidia-graphics-drivers_1.0.8776-1.dsc
 206b9c094fc93a071ea59101dca2a6a2 16029978 non-free/x11 optional 
nvidia-graphics-drivers_1.0.8776.orig.tar.gz
 1be7aa1646bf42da95631aa00561d1cd 82363 non-free/x11 optional 
nvidia-graphics-drivers_1.0.8776-1.diff.gz
 25acf59911f1658f28455a34a09e49e7 3294166 non-free/x11 optional 
nvidia-glx_1.0.8776-1_i386.deb
 c24b34cad317db65b423ed054c3eae9d 131234 non-free/x11 optional 
nvidia-glx-dev_1.0.8776-1_i386.deb
 464545aafa92b3f982cf0ae763bdce9d 1805604 non-free/x11 optional 
nvidia-kernel-source_1.0.8776-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFOCpcU+6HYGwn3qsRAmecAKDQPXFYYw2WfvyxcAvXW+1pQFAlXgCgrqVn
16RwZ/og7FypCVCVVuyTCLo=
=YEVy
-----END PGP SIGNATURE-----

--- End Message ---

Bug#393573: marked as done (nvidia-glx: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux leads to arbitrary code execution)

Reply via email to