[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#668780: pu: package nvidia-graphics-drivers/195.36.31-6squeeze1

tags 668780 + squeeze confirmed

On Sat, 2012-04-14 at 12:57 +0200, Andreas Beckmann wrote:
>   * Security fix (backported from 195.36.31-7).  (Closes: #609338)
>     Apply upstream patch NVIDIA_kernel-260.19.34-778465.diff to fix
>     information leak in the kernel module: kernel memory was returned
>     uninitialized to user space.
>   * CVE-2012-0946 (backported from 295.40-1):
>     Add upstream patch nvidia-blacklist-register-mapping-195.diff:
>     Closed a security vulnerability which made it possible for attackers to
>     reconfigure GPUs to gain access to arbitrary system memory. For further
>     details, see: http://nvidia.custhelp.com/app/answers/detail/a_id/3109
>   * Let the bug-script collect detailed information about OpenGL and NVIDIA
>     libraries and their symlinks, diversions and alternatives currently found
>     on the system.  Also list files remaining from using the nvidia-installer.
>     Report status of more related packages.

Thanks for working on fixing this in stable.  fwiw, "-6+squeeze1" is
more conventional, although it's unlikely to make a difference in this
case.  Please feel free to go ahead with the upload.

Are the n-g-d-legacy-* packages likely to be affected by these issues as

> As a followup to this update the nvidia-graphics-modules package
> (prebuilt binary kernel modules) needs to be updated, too.

Okay.  Please could you open a second bug for that?



Reply to: