To: bugtraq@securityfocus.com
Subject: [ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability
Date: Wed, 10 Jan 2007 17:55:26 -0700
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1H4oE2-0004XI-Fa@artemis.annvix.ca.>
Sender: QA Team <qateam@artemis.annvix.ca.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:007
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : January 10, 2007
Affected: 2007.0
_______________________________________________________________________
Problem Description:
A vulnerability in the NVIDIA Xorg driver was discovered by Derek
Abdine who found that it did not correctly verify the size of buffers
used to render text glyphs, resulting in a crash of the server when
displaying very long strings of text. If a user was tricked into
viewing a specially crafted series of glyphs, this flaw could be
exploited to run arbitrary code with root privileges.
This vulnerability exists in driver versions 1.0-8762 and 1.0-8774 and
is corrected in 1.0-8776 which is being provided with this update.
The packages can be found in the non-free/updates media.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
3003991cb905b6b320ceabe32cc7a983 2007.0/i586/dkms-nvidia-8776-1mdv2007.0.i586.rpm
2c519b24d141713c423ef9d10c6287de 2007.0/i586/nvidia-8776-1mdv2007.0.i586.rpm
69eff61846795f6a849e2fdd5eb3a2f9 2007.0/i586/nvidia-kernel-2.6.17-5mdv-8776-1mdk.i586.rpm
5a3c611e53ec9d636c3d191e64bc7447 2007.0/i586/nvidia-kernel-2.6.17-5mdventerprise-8776-1mdk.i586.rpm
82ac29835942c5de7a3b0d72c5212b8d 2007.0/i586/nvidia-kernel-2.6.17-5mdvlegacy-8776-1mdk.i586.rpm
Mandriva Linux 2007.0/X86_64:
03b3098b8f73457af6045dc5d9cf1cc7 2007.0/x86_64/dkms-nvidia-8776-1mdv2007.0.x86_64.rpm
7549687671abb40f1cffc85d73699c68 2007.0/x86_64/nvidia-8776-1mdv2007.0.x86_64.rpm
3a7d4c53a90033c1ab029f285abf39e5 2007.0/x86_64/nvidia-kernel-2.6.17-5mdv-8776-1mdk.x86_64.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFpYpumqjQ0CJFipgRAjS0AJ4sh2Y8FzwqOs6QcrXvBMypEZGQWgCeLtzs
NOa++IRzhzj1sW8WFS6QmAw=
=x42v
-----END PGP SIGNATURE-----
