Your message dated Thu, 13 Sep 2012 10:48:05 +0000
with message-id <[email protected]>
and subject line Bug#685118: fixed in nvidia-graphics-drivers-legacy-173xx
173.14.35-3
has caused the Debian Bug report #685118,
regarding nvidia-glx: CVE-2012-4225: exploitable privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
685118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685118
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nvidia-glx
Version: 195.36.31-6
Severity: grave
Tags: security
Justification: user security hole
There is another privilege escalation in the Nvidia binary driver.
Nvidia Advisory: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Initial disclosure of the vulnerability:
http://permalink.gmane.org/gmane.comp.security.full-disclosure/86747
CVE not assigned or unknown
affected:
squeeze
nvidia-graphics-drivers (195.36.31-6, 195.36.31-6squeeze1)
nvidia-graphics-modules (195.36.31+2, 195.36.31+3)
nvidia-graphics-drivers-legacy-173xx (173.14.27-2)
squeeze-backports
nvidia-graphics-drivers (295.59-1~bpo60+1)
nvidia-graphics-drivers-legacy-173xx (173.14.35-1~bpo60+1)
wheezy/sid
nvidia-graphics-drivers (302.17-3)
nvidia-graphics-modules (302.17+1, 302.17+2)
nvidia-graphics-drivers-legacy-173xx (173.14.35-2)
probably unaffected:
nvidia-graphics-drivers-legacy-96xx (squeeze only)
fixed (according to Nvidia Advisory):
304.32 (beta)
experimental (304.32-1)
295.71 (long term stable branch)
patch for older versions available, but may disable some fucntionality
(e.g. CUDA debugger)
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-graphics-drivers-legacy-173xx
Source-Version: 173.14.35-3
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-legacy-173xx, which is due to be installed in the
Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated
nvidia-graphics-drivers-legacy-173xx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 13 Sep 2012 12:30:00 +0200
Source: nvidia-graphics-drivers-legacy-173xx
Binary: nvidia-glx-legacy-173xx xserver-xorg-video-nvidia-legacy-173xx
nvidia-glx-legacy-173xx-ia32 libgl1-nvidia-legacy-173xx-glx
libgl1-nvidia-legacy-173xx-glx-ia32 nvidia-alternative-legacy-173xx
nvidia-kernel-legacy-173xx-dkms nvidia-kernel-legacy-173xx-source
Architecture: amd64 i386 source
Version: 173.14.35-3
Distribution: unstable
Urgency: low
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Closes: 685118
Description:
libgl1-nvidia-legacy-173xx-glx - NVIDIA binary OpenGL
libraries${nvidia:LegacyDesc}
libgl1-nvidia-legacy-173xx-glx-ia32 - please switch to multiarch
libgl1-nvidia${nvidia:Legacy}-glx:i386
nvidia-alternative-legacy-173xx - allows the selection of NVIDIA as GLX
provider
nvidia-glx-legacy-173xx - NVIDIA metapackage${nvidia:LegacyDesc}
nvidia-glx-legacy-173xx-ia32 - NVIDIA 32-bit libraries${nvidia:LegacyDesc}
(transitional package
nvidia-kernel-legacy-173xx-dkms - NVIDIA binary kernel module DKMS
source${nvidia:LegacyDesc}
nvidia-kernel-legacy-173xx-source - NVIDIA binary kernel module
source${nvidia:LegacyDesc}
xserver-xorg-video-nvidia-legacy-173xx - NVIDIA binary Xorg
driver${nvidia:LegacyDesc}
Changes:
nvidia-graphics-drivers-legacy-173xx (173.14.35-3) unstable; urgency=low
.
* 173.14.35 was promoted to release status without further changes.
* CVE-2012-4225. (Closes: #685118)
Add upstream patch nvidia-blacklist-vga-pmu-registers-195.diff:
- Implemented hotfix for a privilege escalation vulnerability reported on
August 1, 2012. For more details, see:
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
* Synchronize packaging with nvidia-graphics-drivers 304.22-1:
- Work around dpkg-gencontrol bug #659814.
- Convert *-ia32 into transitional packages due to ia32-libs transition:
- $pkg:i386 Provides: $pkg-i386
- $pkg-ia32 Recommends: $pkg-i386
- Add multiarch instructions to long descriptions.
* Synchronize packaging with nvidia-graphics-drivers 304.30-1:
- xserver-xorg-video-nvidia-legacy-173xx.postrm: Do not fail if the
debconf templates from nvidia-support are not available.
* Synchronize packaging with nvidia-graphics-drivers 304.30-2:
- Disable patch-3.0-rt-nvidia.patch, no longer needed.
* Synchronize packaging with nvidia-graphics-drivers 304.32-1:
- debian/rules: get-orig-source: Make --pasv overridable.
* Synchronize packaging with nvidia-graphics-drivers 304.37-1:
- nvidia-kernel-legacy-173xx-source: Add Built-Using attribute to the
generated module packages to record the exact versions of linux and
nvidia-graphics-drivers-legacy-173xx that were used during the build.
- libgl1-nvidia-legacy-173xx-glx:i386: Add Breaks: ia32-libs (<< 20120701)
because that is shipping /usr/lib32/libGL.so.1 which gets no longer
diverted away.
- nvidia-kernel-legacy-173xx-dkms: Set Multi-Arch: foreign (instead of
allowed).
- Add nvidia-kernel-legacy-173xx-dkms (= ${binary:Version}) as preferred
alternative to (virtual) nvidia-kernel-${nvidia:Version}.
* Synchronize packaging with nvidia-graphics-drivers 304.43-1:
- conftest.h:
- Implement check for linux/screen_info.h (302.17).
- Implement check for linux/kconfig.h (304.30).
- Implement new conftest.sh function acpi_os_wait_events_complete
(304.43).
- bug-control: Report installed versions of
libgl1-nvidia-alternatives-ia32, libgl1-nvidia{,-legacy-173xx}-glx-ia32,
and ia32-libs.
- libgl1-nvidia-legacy-173xx-glx-ia32: Add NEWS file describing the steps
needed to install the multiarch :i386 nvidia packages on amd64.
* Synchronize packaging with nvidia-graphics-drivers 304.48-1:
- get-orig-source: Skip downloading if cached files are in ../.cache/
- Switch .deb compression to xz.
* libgl1-nvidia-legacy-173xx-glx: add Breaks: nvidia-settings (>= 302) which
is no longer backwards compatible.
* Suggests: nvidia-settings-legacy-173xx instead.
Checksums-Sha1:
34f24828a9c8b0de65394c157cd945adc0ff0132 3035
nvidia-graphics-drivers-legacy-173xx_173.14.35-3.dsc
6b33fbdfbbe841aca0e466529b4f1a1accdb0a22 64301
nvidia-graphics-drivers-legacy-173xx_173.14.35-3.debian.tar.gz
667dc986c83d5eba4cccf81d43d6a0df73b9b98d 226648
nvidia-glx-legacy-173xx_173.14.35-3_amd64.deb
c243d688ab07dc0b38c28253475502c60a7dc0fd 1637756
xserver-xorg-video-nvidia-legacy-173xx_173.14.35-3_amd64.deb
00a0cb03d634076826fc7434699bc58a130820e5 37606
nvidia-glx-legacy-173xx-ia32_173.14.35-3_amd64.deb
868bc1b4c4a5fb7d0472268608242ffdf542bee2 3526996
libgl1-nvidia-legacy-173xx-glx_173.14.35-3_amd64.deb
b57fe5d95ee5bdb0e99269596d80f10a39b85df7 37752
libgl1-nvidia-legacy-173xx-glx-ia32_173.14.35-3_amd64.deb
e23eaa55d9c52afa404ad8b2943ab87d84255e59 38374
nvidia-alternative-legacy-173xx_173.14.35-3_amd64.deb
b3fa9837bc6c5e55729dd75e3667c4dbe2e5bc8e 3479620
nvidia-kernel-legacy-173xx-dkms_173.14.35-3_amd64.deb
2de64774bfb461a5747f4164cc632642c5f30f2e 5011874
nvidia-kernel-legacy-173xx-source_173.14.35-3_amd64.deb
fed1d95bfc8b2c0daaebe6ab348da8cb1fcb6297 226534
nvidia-glx-legacy-173xx_173.14.35-3_i386.deb
7b58e016d5ba82beaf722fc45a70a6da1daaefc5 1404188
xserver-xorg-video-nvidia-legacy-173xx_173.14.35-3_i386.deb
ec7ab5d546c654ce28c1fb4ec228e6cc8f995fa0 3395132
libgl1-nvidia-legacy-173xx-glx_173.14.35-3_i386.deb
1e608d08dfa268c4b5916b2f6d25c61a32033b0a 38384
nvidia-alternative-legacy-173xx_173.14.35-3_i386.deb
98d31c8e982a9f224c77ff679e9f4f1f3c5b2541 3452958
nvidia-kernel-legacy-173xx-dkms_173.14.35-3_i386.deb
206c03837d590fd4097e71603b963429efd571d0 5012014
nvidia-kernel-legacy-173xx-source_173.14.35-3_i386.deb
Checksums-Sha256:
1a0fb588011c988e0090fc86f12b257efd1793f6b3c91bb39581eb16540bde7a 3035
nvidia-graphics-drivers-legacy-173xx_173.14.35-3.dsc
06a00ef7e834ec1096bc9d24b5fe0b6744842bedd626f8797ddff272879f6d17 64301
nvidia-graphics-drivers-legacy-173xx_173.14.35-3.debian.tar.gz
4c1ac47cd9d2026924b91ad8966124ce364326f5d0bea13fa1e4b2d13fe78b60 226648
nvidia-glx-legacy-173xx_173.14.35-3_amd64.deb
c8615dfa5cd17e1da3a8a81228a79c723f7c74b77d5f7b48154708557574b2d7 1637756
xserver-xorg-video-nvidia-legacy-173xx_173.14.35-3_amd64.deb
2b80b9eb5f8956232d061cd5d8001add02bc54a6edd10506683975c70770be46 37606
nvidia-glx-legacy-173xx-ia32_173.14.35-3_amd64.deb
3a90498b3c19fc916e5d356e690e8b42c1cb916a5ab1e0d4e25dd21f837217fb 3526996
libgl1-nvidia-legacy-173xx-glx_173.14.35-3_amd64.deb
6889b4ca0daa31a4171c28771a7aac431a126272e975101ed585b7596ea47fd5 37752
libgl1-nvidia-legacy-173xx-glx-ia32_173.14.35-3_amd64.deb
caa5afbc665c11107860c888f749c9f40d414a3abcaca0f74005e40dd9c176fb 38374
nvidia-alternative-legacy-173xx_173.14.35-3_amd64.deb
ef7663c1a030f2c61a0b7e152cc31ccb00866ad9ef94e6ffe88fcbb9855ff8c3 3479620
nvidia-kernel-legacy-173xx-dkms_173.14.35-3_amd64.deb
3ed54281db99cafee221bc780ae678bf29e09974822de66633b76a6236cda5f4 5011874
nvidia-kernel-legacy-173xx-source_173.14.35-3_amd64.deb
484ce3250776bbae0d9fe4ca10efab6c515afbcde756101b8421b44e63b846f9 226534
nvidia-glx-legacy-173xx_173.14.35-3_i386.deb
1c6026b0f6bbe10d3ccb5a9eaa0e93080b511afdb8aa126f31033b1ae32a2e4a 1404188
xserver-xorg-video-nvidia-legacy-173xx_173.14.35-3_i386.deb
ccea5c15cd20a58337cf90ea20683e6b17c8b4834f361df11335d4ab8c2228da 3395132
libgl1-nvidia-legacy-173xx-glx_173.14.35-3_i386.deb
a826ea5ed1a822e93d3e44db3f4acc5d82f418abc23d12586ac2ff26801c697d 38384
nvidia-alternative-legacy-173xx_173.14.35-3_i386.deb
b92f6050414ce9a0c5b23844d9b6c3a24be033d330284b56a9c2f72e09e34b79 3452958
nvidia-kernel-legacy-173xx-dkms_173.14.35-3_i386.deb
6a1fac33cd8daeeba0e3caac2d70dee03b494b66e5771699d216dede87b8b962 5012014
nvidia-kernel-legacy-173xx-source_173.14.35-3_i386.deb
Files:
3b930ed64361f0e53abc4b46767db0d6 3035 non-free/libs optional
nvidia-graphics-drivers-legacy-173xx_173.14.35-3.dsc
715d49bc68f6dc50f31c9624df872e66 64301 non-free/libs optional
nvidia-graphics-drivers-legacy-173xx_173.14.35-3.debian.tar.gz
6e50685755bdebb913ce6c274508de64 226648 non-free/x11 optional
nvidia-glx-legacy-173xx_173.14.35-3_amd64.deb
0cf8e7a7c27dc76bb59e5beb1a740993 1637756 non-free/x11 optional
xserver-xorg-video-nvidia-legacy-173xx_173.14.35-3_amd64.deb
d842b49a86524fcf36667bd1e0a5cf0c 37606 non-free/oldlibs extra
nvidia-glx-legacy-173xx-ia32_173.14.35-3_amd64.deb
10527e54520500c9e65fdc9304dca841 3526996 non-free/libs optional
libgl1-nvidia-legacy-173xx-glx_173.14.35-3_amd64.deb
4939e9bc5cbe83c6c15d81d7ecd8334b 37752 non-free/oldlibs extra
libgl1-nvidia-legacy-173xx-glx-ia32_173.14.35-3_amd64.deb
7da86f16d0861011c0582f49f80eab42 38374 non-free/libs optional
nvidia-alternative-legacy-173xx_173.14.35-3_amd64.deb
2faf970612cf8a0327444e0cd588f42e 3479620 non-free/kernel optional
nvidia-kernel-legacy-173xx-dkms_173.14.35-3_amd64.deb
e808623b6cc28273f6fe29939e373f37 5011874 non-free/kernel optional
nvidia-kernel-legacy-173xx-source_173.14.35-3_amd64.deb
ae8347d19d9de163ebb3283b0d025c29 226534 non-free/x11 optional
nvidia-glx-legacy-173xx_173.14.35-3_i386.deb
0255d55df45760ffeb7936df5b2a10f0 1404188 non-free/x11 optional
xserver-xorg-video-nvidia-legacy-173xx_173.14.35-3_i386.deb
7732556cb9f53c9e1829744c12440ba3 3395132 non-free/libs optional
libgl1-nvidia-legacy-173xx-glx_173.14.35-3_i386.deb
7f4dc9dcb28cd5cce530bf3340264f12 38384 non-free/libs optional
nvidia-alternative-legacy-173xx_173.14.35-3_i386.deb
4651c4a2e9d1214d7aed6368d5e56b8e 3452958 non-free/kernel optional
nvidia-kernel-legacy-173xx-dkms_173.14.35-3_i386.deb
5759279ab8d1342cfcfc07c1e0d48ab5 5012014 non-free/kernel optional
nvidia-kernel-legacy-173xx-source_173.14.35-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQUbb5AAoJEF+zP5NZ6e0ISlIP/1U0NbmL1HTw1TRTs2PhNCxl
Xo2ff5YqCUMXwyCpN1YsbRO8Ym6gyC2RNMUVOsYbpdbDjiFfrMpbaYwAg9BXiO2f
KmC9MExJ3lT4URWnBlJh4kIcz9d4N3GnZJWGDplxPiONBDVznkKoni8dnBeUqc4y
PgVHz7RrZKXKhyaADBtwl1ARoSvViiflkScFfVOZJsiPTyw1/A5FSNZgOP1O4/Ti
M5S0DRWIPfTcVALclXJW//rTkZxcMVBE/3zm+oeee0D2vpjbc1B9z5FAZ540u5os
eTj6mz4zfv/XEQ0lYBfEdFFcYUG/TVCVO5PwBsZoWEHmSIYy76prD9ecyD+VH5xv
wxvwQWu7U4RIhgal14GigO5NhXofwVXUjULWfeA3wi2X/jQ1lLw3rInRVyYzhIlM
sP+SWKzIP2Yl866hcOqzuK7tHFExc/Re/skDju/LMj8j5qRu3Et/01jDcHBeX8Np
jVDbxgs2nsp889IY8Y/c8RSsh5VCvZ3aauxtMO2mtW5/eKYgxxAouwCtj0/cRzmm
FWZyZgMS+N6R8rPEiFrOxDujSiZViIvQpoKvgfgo2JvSoXFRd+w+iEk+VA0P7QFV
9PZQrC2KjDJGrAXVQTIzM2dqXWZjCUIaK5OJb+aWUmYYwo/jgwqJckS/Z5n2+8Z2
Im9fMLUNeg9WaKeR/sKU
=2yV/
-----END PGP SIGNATURE-----
--- End Message ---
