Your message dated Tue, 02 Apr 2013 21:48:56 +0000
with message-id <[email protected]>
and subject line Bug#704547: fixed in nvidia-graphics-drivers 304.88-1
has caused the Debian Bug report #704547,
regarding CVE-2013-0131: NVIDIA UNIX GPU Driver ARGB Cursor Buffer Overflow in
"NoScanout" Mode.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
704547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704547
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nvidia-glx
Version: 195.36.24-1
Severity: critical
Tags: security
Justification: root security hole
Quoting from
http://nvidia.custhelp.com/app/answers/detail/a_id/3290
When the NVIDIA driver for the X Window System is operated in
"NoScanout" mode, and an X client installs an ARGB cursor that is larger
than the expected size (64x64 or 256x256, depending on the driver
version), the driver will overflow a buffer. This can cause a denial of
service (e.g., an X server segmentation fault), or could be exploited to
achieve arbitrary code execution. Because the X server runs as setuid
root in many configurations, an attacker could potentially use this
vulnerability in those configurations to gain root privileges. To
install an ARGB cursor, an application would require a connection to a
running X server. Normally, X servers are configured to only accept
authenticated connections from the local host, but some X servers may be
configured to more permissively allow connections, and/or to allow
connections over a network.
"NoScanout" mode is enabled implicitly on NVIDIA products which lack
display output connectors, and can be enabled explicitly on some other
configurations with the X configuration option:
    Option "UseDisplayDevice" "none"
NVIDIA GPU drivers for OSes other than Linux, FreeBSD, VMware ESX, and
Solaris are not affected.
This vulnerability has been present since NVIDIA driver version 195.22.
The overflow is fixed in 304.88, 310.44, 313.30, and all drivers newer
than those versions. NVIDIA recommends that users upgrade to a fixed
driver version, or disable NoScanout mode, where possible.
This vulnerability was identified by NVIDIA. There are no known reports
of exploits of this vulnerability in the wild.
Vulnerable versions in Debian:
nvidia-graphics-drivers | 195.36.31-6squeeze2 | squeeze/non-free           | source
nvidia-graphics-drivers | 295.59-1~bpo60+2    | squeeze-backports/non-free | source
nvidia-graphics-drivers | 304.64-4            | wheezy/non-free            | source
nvidia-graphics-drivers | 304.84-1            | sid/non-free               | source
nvidia-graphics-drivers | 313.26-1            | experimental/non-free      | source
sid and experimental will be fixed by new upstream versions to be
uploaded later today or tomorrow. No fix will be possible for squeeze
and squeeze-backports (as this is a closed source driver and these
"ancient" versions are no longer supported).
Andreas
--- End Message ---
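The advisory's two conditions (an affected driver version and NoScanout mode) can be checked per host. The following is an added example, not part of the original report or of Debian's or NVIDIA's tooling; the function names and the sample configuration are constructed for illustration, and the per-branch comparison is an interpretation of the advisory's "fixed in 304.88, 310.44, 313.30, and all drivers newer" wording.

```python
import re

# Per-branch fixed releases and first affected release, as stated in the advisory.
FIXED = {304: (304, 88), 310: (310, 44), 313: (313, 30)}
FIRST_AFFECTED = (195, 22)

OPTION_RE = re.compile(r'^\s*Option\s+"([^"]+)"\s+"([^"]*)"', re.IGNORECASE)

# Constructed sample configuration (not taken from the bug report).
SAMPLE_XORG_CONF = '''
Section "Screen"
    Identifier "Screen0"
    # Option "UseDisplayDevice" "DFP-0"
    Option "UseDisplayDevice" "none"
EndSection
'''

def upstream_version(version):
    """Extract (major, minor) from an upstream or Debian version string."""
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError("unrecognised driver version: %r" % version)
    return int(m.group(1)), int(m.group(2))

def driver_status(version):
    """Classify a driver version against the releases named in the advisory."""
    v = upstream_version(version)
    if v < FIRST_AFFECTED:
        return "not affected"
    if v[0] in FIXED:
        return "fixed" if v >= FIXED[v[0]] else "vulnerable"
    if v[0] > max(FIXED):
        return "fixed"
    if v[0] < min(FIXED):
        return "vulnerable"
    return "unknown"  # assumption: branches the advisory does not name

def noscanout_explicit(conf_text):
    """True if an uncommented Option "UseDisplayDevice" "none" is present."""
    for line in conf_text.splitlines():
        m = OPTION_RE.match(line.split("#", 1)[0])
        if m and (m.group(1).lower(), m.group(2).lower()) == ("usedisplaydevice", "none"):
            return True
    return False

def needs_action(version, conf_text):
    """Vulnerable driver with NoScanout explicitly enabled in the config."""
    return driver_status(version) == "vulnerable" and noscanout_explicit(conf_text)
```

A `False` from `noscanout_explicit` does not clear a host on its own: the advisory states that NoScanout is enabled implicitly on products without display output connectors, which the configuration file does not show.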
--- Begin Message ---
Source: nvidia-graphics-drivers
Source-Version: 304.88-1
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated nvidia-graphics-drivers
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 02 Apr 2013 22:43:31 +0200
Source: nvidia-graphics-drivers
Binary: nvidia-glx xserver-xorg-video-nvidia nvidia-glx-ia32 libgl1-nvidia-glx
 libxvmcnvidia1 libgl1-nvidia-glx-ia32 nvidia-alternative nvidia-kernel-dkms
 nvidia-kernel-source nvidia-vdpau-driver nvidia-vdpau-driver-ia32 nvidia-smi
 libcuda1 libcuda1-ia32 libnvidia-compiler libnvidia-compiler-ia32 libnvcuvid1
 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd nvidia-opencl-icd-ia32
 nvidia-libopencl1 nvidia-libopencl1-ia32 libgl1-nvidia-alternatives
 libgl1-nvidia-alternatives-ia32 libglx-nvidia-alternatives nvidia-detect
Architecture: source amd64
Version: 304.88-1
Distribution: unstable
Urgency: low
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Description:
 libcuda1 - NVIDIA CUDA runtime library
 libcuda1-ia32 - please switch to multiarch libcuda1:i386
 libgl1-nvidia-alternatives - transition libGL.so* diversions to glx-alternative-nvidia
 libgl1-nvidia-alternatives-ia32 - simplifies replacing MESA libGL with GPU vendor libraries (32-bit
 libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc}
 libgl1-nvidia-glx-ia32 - please switch to multiarch libgl1-nvidia${nvidia:Legacy}-glx:i386
 libglx-nvidia-alternatives - transition libgl.so diversions to glx-alternative-nvidia
 libnvcuvid1 - NVIDIA CUDA nvcuvid runtime library
 libnvidia-compiler - NVIDIA runtime compiler library
 libnvidia-compiler-ia32 - please switch to multiarch libnvidia-compiler:i386
 libnvidia-ml1 - NVIDIA management library (NVML) runtime library
 libxvmcnvidia1 - NVIDIA binary XvMC library${nvidia:LegacyDesc}
 nvidia-alternative - allows the selection of NVIDIA as GLX provider
 nvidia-detect - NVIDIA GPU detection utility
 nvidia-glx - NVIDIA metapackage${nvidia:LegacyDesc}
 nvidia-glx-ia32 - NVIDIA 32-bit libraries${nvidia:LegacyDesc} (transitional package
 nvidia-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc}
 nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
 nvidia-libopencl1 - NVIDIA OpenCL library
 nvidia-libopencl1-ia32 - please switch to multiarch nvidia-libopencl1:i386
 nvidia-opencl-common - NVIDIA OpenCL driver
 nvidia-opencl-icd - NVIDIA OpenCL ICD
 nvidia-opencl-icd-ia32 - please switch to multiarch nvidia-opencl-icd:i386
 nvidia-smi - NVIDIA System Management Interface
 nvidia-vdpau-driver - NVIDIA vdpau driver
 nvidia-vdpau-driver-ia32 - please switch to multiarch nvidia-vdpau-driver:i386
 xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 704547
Changes:
 nvidia-graphics-drivers (304.88-1) unstable; urgency=low
 .
   * New upstream legacy 304xx branch release 304.88 (2013-04-02).
     - Fixed CVE-2013-0131: NVIDIA UNIX GPU Driver ARGB Cursor Buffer
       Overflow in "NoScanout" Mode. This buffer overflow, which occurred
       when an X client installed a large ARGB cursor on an X server
       running in NoScanout mode, could cause a denial of service (e.g.,
       an X server segmentation fault), or could be exploited to achieve
       arbitrary code execution. (Closes: #704547)
       For more details, see:
       http://nvidia.custhelp.com/app/answers/detail/a_id/3290
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---