Bug#668780: pu: package nvidia-graphics-drivers/195.36.31-6squeeze1
tags 668780 + squeeze confirmed
thanks
On Sat, 2012-04-14 at 12:57 +0200, Andreas Beckmann wrote:
> * Security fix (backported from 195.36.31-7). (Closes: #609338)
> Apply upstream patch NVIDIA_kernel-260.19.34-778465.diff to fix
> information leak in the kernel module: kernel memory was returned
> uninitialized to user space.
>
> * CVE-2012-0946 (backported from 295.40-1):
> Add upstream patch nvidia-blacklist-register-mapping-195.diff:
> Closed a security vulnerability which made it possible for attackers to
> reconfigure GPUs to gain access to arbitrary system memory. For further
> details, see: http://nvidia.custhelp.com/app/answers/detail/a_id/3109
>
> * Let the bug-script collect detailed information about OpenGL and NVIDIA
> libraries and their symlinks, diversions and alternatives currently found
> on the system. Also list files remaining from using the nvidia-installer.
> Report status of more related packages.
Thanks for working on fixing this in stable. fwiw, "-6+squeeze1" is
more conventional, although it's unlikely to make a difference in this
case. Please feel free to go ahead with the upload.
Are the n-g-d-legacy-* packages likely to be affected by these issues as
well?
> As a followup to this update the nvidia-graphics-modules package
> (prebuilt binary kernel modules) needs to be updated, too.
Okay. Please could you open a second bug for that?
Regards,
Adam
Reply to: