Your message dated Fri, 12 Dec 2014 21:20:26 +0000
with message-id <[email protected]>
and subject line Bug#772971: fixed in nvidia-graphics-drivers 340.65-1
has caused the Debian Bug report #772971,
regarding src:nvidia-graphics-drivers*: CVE-2014-8298: GLX-INDIRECT (Including
CVE-2014-8093, CVE-2014-8098)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
772971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772971
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Severity: critical
Tags: security
This is the NVIDIA-specific part of
DSA-3095-1 xorg-server -- security update
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before
R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x
before R346.22, Lixux for Tegra (L4T) driver before R21.2, and Chrome OS
driver before R40 allows remote attackers to cause a denial of service
(segmentation fault and X server crash) or possibly execute arbitrary
code via a crafted GLX indirect rendering protocol request.
http://lists.x.org/archives/xorg-announce/2014-December/002500.html
http://nvidia.custhelp.com/app/answers/detail/a_id/3610
Release series fixed in version
-------------- ----------------
Releases prior to 304 Has reached 'end of life' and no longer
supported.
304.* 304.125 available as of 12/9
319.* no longer supported
331.* 331.113 available as of 12/9
340.* 340.65 available as of 12/9
343.* 343.36 available as of 12/9
346.* 346.22 Beta available as of 12/9
All NVIDIA drivers (in non-free) are affected:
not fixable (no new upstream release will be provided):
nvidia-graphics-drivers-legacy-96xx | 96.43.18-2 | squeeze/non-free
| source
nvidia-graphics-drivers-legacy-96xx | 96.43.23-3 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-96xx | 96.43.23-7~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.27-2 | squeeze/non-free
| source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 |
squeeze-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-4 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-173xx | 173.14.39-2~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers | 195.36.31-6squeeze2 | squeeze/non-free
| source
nvidia-graphics-drivers | 295.59-1~bpo60+2 |
squeeze-backports/non-free | source
uploads planned (new upstream release required):
nvidia-graphics-drivers | 304.117-1 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-304xx | 304.123-4~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers-legacy-304xx | 304.123-4 | jessie/non-free
| source
nvidia-graphics-drivers-legacy-304xx | 304.123-4 | sid/non-free
| source
nvidia-graphics-drivers | 319.82-1~bpo70+2 |
wheezy-backports/non-free | source
nvidia-graphics-drivers | 340.46-6 | jessie/non-free
| source
nvidia-graphics-drivers | 340.58-1 | sid/non-free
| source
nvidia-graphics-drivers | 343.22-2 |
experimental/non-free | source
I expect wheezy (only nvidia-graphics-drivers can be fixed there)
shall be fixed via wheezy-proposed-updates, no DSA, as in the previous ones?
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-graphics-drivers
Source-Version: 340.65-1
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated nvidia-graphics-drivers
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 12 Dec 2014 21:10:11 +0100
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin nvidia-glx xserver-xorg-video-nvidia
libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia
libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-dkms
nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1
libcuda1-i386 libnvidia-compiler libnvcuvid1 libnvidia-encode1 libnvidia-ifr1
libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd
nvidia-libopencl1 nvidia-detect
Architecture: source
Version: 340.65-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Description:
libcuda1 - NVIDIA CUDA Driver Library
libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc}
libegl1-nvidia - NVIDIA binary EGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL 32-bit
libraries${nvidia:LegacyDesc}
libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc}
libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc}
libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library
libnvidia-compiler - NVIDIA runtime compiler library
libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc}
libnvidia-encode1 - NVENC Video Encoding runtime library
libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library
libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library
libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library
nvidia-alternative - allows the selection of NVIDIA as GLX provider
nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
nvidia-detect - NVIDIA GPU detection utility
nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc}
nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc}
nvidia-glx - transition to ${nvidia}-driver
nvidia-kernel-dkms - NVIDIA binary kernel module DKMS
source${nvidia:LegacyDesc}
nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
nvidia-opencl-common - NVIDIA OpenCL driver
nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD)
nvidia-smi - NVIDIA System Management Interface
nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA
driver
xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 770798 772971
Changes:
nvidia-graphics-drivers (340.65-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.65 (2014-12-08).
* Fixes CVE-2014-8298. (Closes: #772971)
- Fixed a bug that prevented internal 4K panels on some laptops from being
driven at a sufficient bandwidth to support their native resolutions.
- Fixed a regression that prevented the NVIDIA kernel module from loading
in some virtualized environments such as Amazon Web Services.
- Fixed a regression that caused displays to be detected incorrectly on
some notebook systems. (Closes: #770798)
- Fixed a bug that could cause X to freeze when using Base Mosaic.
- Fixed a regression that prevented the NVIDIA X driver from recognizing
Base Mosaic layouts generated by the nvidia-settings control panel.
* Merge changes from 304.125-1.
* Add xorg-video-abi-19 as alternative dependency.
Checksums-Sha1:
053ae846cf2a668b0164cf9e0d8965689eb38167 4457
nvidia-graphics-drivers_340.65-1.dsc
f0cee00290df19a5c048a6e334ea0dc68116b964 132184935
nvidia-graphics-drivers_340.65.orig.tar.gz
018ec41cf9896b0e60462c77a2491694bc8fe9e5 118880
nvidia-graphics-drivers_340.65-1.debian.tar.xz
Checksums-Sha256:
da727aed19c7e5ac501e240259cf0a2bfcc23f43f09654aed33bf877fd8fe736 4457
nvidia-graphics-drivers_340.65-1.dsc
3eabefeaedfe374f14fa16d5c20123a857dd2b8f6885fd1a4f3240452c2a39bc 132184935
nvidia-graphics-drivers_340.65.orig.tar.gz
d1f49595029e8f64e4b857b983ca84e0b3d3952216821dfd4da0cd15feb53009 118880
nvidia-graphics-drivers_340.65-1.debian.tar.xz
Files:
1e5c2d46ce98922cbc745318bf6a8324 4457 non-free/libs optional
nvidia-graphics-drivers_340.65-1.dsc
28883b0f64444f8a9109eb8d87931e0a 132184935 non-free/libs optional
nvidia-graphics-drivers_340.65.orig.tar.gz
93f0f5a139d9ba6a09b2bcb3423792f5 118880 non-free/libs optional
nvidia-graphics-drivers_340.65-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUi1ZVAAoJEF+zP5NZ6e0IhEEP/i4v54bCsutbH506H+m8Ddjv
MZ+qJ9uz9ZlXawQ346OTH/7iJ4dfN7EukuJsAlaOZNxyFh8VqWK2T7aY0eKyHScE
T125Z7G4zN4b9Tw4RK4GMohGjkACmaM7zWFoGQbbGl+VJXUPtuh5syoyeBXjTC4z
rpZbAOrlAW7ycIaxP6yB7jrgQX4HbO0Ayi4q639KKMzosnituAwDQQoIcxbYfXN8
e6Z0XEO9Hw89kR6scR/BNbMhsQsjpVcbL9O/rvydPz+zKl3D4h4XrNp9yOe1ZIz4
/idaBrVwm8TxiGP5+YLUaasMxHfeIaS+QZ+MWzfDIU4PROWcaHm6C2Eas6wBEPl0
UYGC5ksbToDquMoEwt96nFxCs0x1DomzBgugSKRGdTHnQOod5nx8Y66O8NEoYnz8
Lc12y+9JJ4InxsfpWwIiXHatgHqGonat6uAaem8LH2k9tgcThhcKPcEn0CwRXova
EKSToTuXlGePEOTf16P1b3cFreubT5AXZLnLe/5GQsGh64d5TIHUe15m8ClWx4+a
Gdde8rxLPojcu4RSEvqHeDd6V/CVyA9S32NAepbfUc2RLoJKhryINgehKuF2fMUO
CzYOWN3O6cxxPBZcLqyVZ4pfKCcqjB/iUnn3JNs2bq9NyrWEjXmpfdBvMqVxyssY
4VNt5Ysu2l3qBMouf2dK
=8aS+
-----END PGP SIGNATURE-----
--- End Message ---
