Ubuntu
linux-restricted-modules-2.6.15 package

Buffer Overflow in NVIDIA Binary Graphics Driver For Linux

Bug #67721 reported by disabled.user
This bug report is a duplicate of:  Bug #46034: nvidia driver has buffer overflows. Edit Remove
254
Affects Status Importance Assigned to Milestone
linux-restricted-modules-2.6.15 (Ubuntu)
New
Undecided
Unassigned
linux-restricted-modules-2.6.17 (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: nvidia-glx

I didn't find any report on this on Malone, so here we go. This applies to both Dapper and Edgy.

Summary from http://download2.rapid7.com/r7-0025/

"KNOWN VULNERABLE:
- NVIDIA Driver For Linux v8774
- NVIDIA Driver For Linux v8762

The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page)."

An updated driver that fixes the reported issue was released from NVIDIA, see
http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971

Updated, but inoffical packages for both Dapper and Edgy are available from Alberto Milone, see
http://albertomilone.com/wordpress/?p=37

Since this is a severe security issue, can we expect official Ubuntu security fixes for nvidia-glx and the related linux-restricted-modules?

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Big-Ooops, this has been the 10th duplicate of Bug#46034, with one of the other duplicates using exactly the same topic. Honestly, I didn't notice that when browsing for if this bug has been reported before.

Well, at least I wrote another nice summary... ;-)

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.