Bug#772971: marked as done (src:nvidia-graphics-drivers*: CVE-2014-8298: GLX-INDIRECT (Including CVE-2014-8093, CVE-2014-8098))

Thu, 25 Dec 2014 07:36:27 -0800 

Your message dated Thu, 25 Dec 2014 15:32:06 +0000
with message-id <e1y4aou-0002bl...@franck.debian.org>
and subject line Bug#772971: fixed in nvidia-graphics-drivers 304.125-1
has caused the Debian Bug report #772971,
regarding src:nvidia-graphics-drivers*: CVE-2014-8298: GLX-INDIRECT (Including 
CVE-2014-8093, CVE-2014-8098)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772971
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: critical
Tags: security

This is the NVIDIA-specific part of 
DSA-3095-1 xorg-server -- security update

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before
R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x
before R346.22, Lixux for Tegra (L4T) driver before R21.2, and Chrome OS
driver before R40 allows remote attackers to cause a denial of service
(segmentation fault and X server crash) or possibly execute arbitrary
code via a crafted GLX indirect rendering protocol request. 

http://lists.x.org/archives/xorg-announce/2014-December/002500.html
http://nvidia.custhelp.com/app/answers/detail/a_id/3610

Release series                  fixed in version
--------------                  ----------------
Releases prior to 304           Has reached 'end of life' and no longer 
supported.
304.*                           304.125 available as of 12/9
319.*                           no longer supported
331.*                           331.113 available as of 12/9
340.*                           340.65 available as of 12/9
343.*                           343.36 available as of 12/9
346.*                           346.22 Beta available as of 12/9

All NVIDIA drivers (in non-free) are affected:

not fixable (no new upstream release will be provided):
 nvidia-graphics-drivers-legacy-96xx  | 96.43.18-2          | squeeze/non-free  
         | source
 nvidia-graphics-drivers-legacy-96xx  | 96.43.23-3          | wheezy/non-free   
         | source
 nvidia-graphics-drivers-legacy-96xx  | 96.43.23-7~bpo70+1  | 
wheezy-backports/non-free  | source
 nvidia-graphics-drivers-legacy-173xx | 173.14.27-2         | squeeze/non-free  
         | source
 nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 | 
squeeze-backports/non-free | source
 nvidia-graphics-drivers-legacy-173xx | 173.14.35-4         | wheezy/non-free   
         | source
 nvidia-graphics-drivers-legacy-173xx | 173.14.39-2~bpo70+1 | 
wheezy-backports/non-free  | source
 nvidia-graphics-drivers              | 195.36.31-6squeeze2 | squeeze/non-free  
         | source
 nvidia-graphics-drivers              | 295.59-1~bpo60+2    | 
squeeze-backports/non-free | source

uploads planned (new upstream release required):
 nvidia-graphics-drivers              | 304.117-1           | wheezy/non-free   
         | source
 nvidia-graphics-drivers-legacy-304xx | 304.123-4~bpo70+1   | 
wheezy-backports/non-free  | source
 nvidia-graphics-drivers-legacy-304xx | 304.123-4           | jessie/non-free   
         | source
 nvidia-graphics-drivers-legacy-304xx | 304.123-4           | sid/non-free      
         | source
 nvidia-graphics-drivers              | 319.82-1~bpo70+2    | 
wheezy-backports/non-free  | source
 nvidia-graphics-drivers              | 340.46-6            | jessie/non-free   
         | source
 nvidia-graphics-drivers              | 340.58-1            | sid/non-free      
         | source
 nvidia-graphics-drivers              | 343.22-2            | 
experimental/non-free      | source

I expect wheezy (only nvidia-graphics-drivers can be fixed there)
shall be fixed via wheezy-proposed-updates, no DSA, as in the previous ones?


Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers
Source-Version: 304.125-1

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 16 Dec 2014 21:38:22 +0100
Source: nvidia-graphics-drivers
Binary: nvidia-glx xserver-xorg-video-nvidia nvidia-glx-ia32 libgl1-nvidia-glx 
libxvmcnvidia1 libgl1-nvidia-glx-ia32 nvidia-alternative nvidia-kernel-dkms 
nvidia-kernel-source nvidia-vdpau-driver nvidia-vdpau-driver-ia32 nvidia-smi 
libcuda1 libcuda1-ia32 libnvidia-compiler libnvidia-compiler-ia32 libnvcuvid1 
libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd nvidia-opencl-icd-ia32 
nvidia-libopencl1 nvidia-libopencl1-ia32 libgl1-nvidia-alternatives 
libgl1-nvidia-alternatives-ia32 libglx-nvidia-alternatives nvidia-detect
Architecture: source
Version: 304.125-1
Distribution: wheezy
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Description: 
 libcuda1   - NVIDIA CUDA runtime library
 libcuda1-ia32 - please switch to multiarch libcuda1:i386
 libgl1-nvidia-alternatives - transition libGL.so* diversions to 
glx-alternative-nvidia
 libgl1-nvidia-alternatives-ia32 - simplifies replacing MESA libGL with GPU 
vendor libraries (32-bit
 libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc}
 libgl1-nvidia-glx-ia32 - please switch to multiarch 
libgl1-nvidia${nvidia:Legacy}-glx:i386
 libglx-nvidia-alternatives - transition libgl.so diversions to 
glx-alternative-nvidia
 libnvcuvid1 - NVIDIA CUDA nvcuvid runtime library
 libnvidia-compiler - NVIDIA runtime compiler library
 libnvidia-compiler-ia32 - please switch to multiarch libnvidia-compiler:i386
 libnvidia-ml1 - NVIDIA management library (NVML) runtime library
 libxvmcnvidia1 - NVIDIA binary XvMC library${nvidia:LegacyDesc}
 nvidia-alternative - allows the selection of NVIDIA as GLX provider
 nvidia-detect - NVIDIA GPU detection utility
 nvidia-glx - NVIDIA metapackage${nvidia:LegacyDesc}
 nvidia-glx-ia32 - NVIDIA 32-bit libraries${nvidia:LegacyDesc} (transitional 
package
 nvidia-kernel-dkms - NVIDIA binary kernel module DKMS 
source${nvidia:LegacyDesc}
 nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
 nvidia-libopencl1 - NVIDIA OpenCL library
 nvidia-libopencl1-ia32 - please switch to multiarch nvidia-libopencl1:i386
 nvidia-opencl-common - NVIDIA OpenCL driver
 nvidia-opencl-icd - NVIDIA OpenCL ICD
 nvidia-opencl-icd-ia32 - please switch to multiarch nvidia-opencl-icd:i386
 nvidia-smi - NVIDIA System Management Interface
 nvidia-vdpau-driver - NVIDIA vdpau driver
 nvidia-vdpau-driver-ia32 - please switch to multiarch nvidia-vdpau-driver:i386
 xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 772971
Changes: 
 nvidia-graphics-drivers (304.125-1) wheezy; urgency=medium
 .
   * New upstream legacy 304xx branch release 304.125 (2014-12-05).
     * Fixes CVE-2014-8298.  (Closes: #772971)
     - Added support for X.Org xserver ABI 19 (xorg-server 1.17).
     - Improved compatibility with recent Linux kernels.
     - Implemented support for disabling indirect GLX context creation using
       the -iglx option available on X.Org server release 1.16 and newer.  Note
       that future X.Org server releases may make the -iglx option the default.
       To re-enable support for indirect GLX on such servers, use the +iglx
       option.
     - Added the "AllowIndirectGLXProtocol" X config option.  This option can
       be used to disallow use of GLX protocol.  See "Appendix B. X Config
       Options" in the README for more details.
   * Refresh patches.
   * Add xorg-video-abi-19, xorg-video-abi-18 as alternative dependencies.
   * conftest.h:
     - Implement new conftest.sh function acpi_op_remove (304.123).
     - Implement new conftest.sh functions kbasename, fatal_signal_pending
       (331.38).
     - Implement new conftest.sh function kuid_t (331.49).
     - Implement new conftest.sh function pm_vt_switch_required (331.67).
     - Implement new conftest.sh function console_lock (331.79).
     - Tighten check for drm/drmP.h.
     - DRM is only supported on Linux >= 3.9.
     - Implement new conftest.sh functions sg_table, sg_alloc_table (340.46).
     - Implement extensions to conftest.sh function vm_operations_struct
       (343.13).
     - Implement check for drm/drm_gem.h (340.58).
     - Implement new conftest.sh functions pci_save_state (340.58), follow_pfn,
       fault_flags, atomic64_type (346.16).
   * Add changelog entries from etch and squeeze updates.
Checksums-Sha1: 
 04572d527e67685c8533614bba396d35b981bc25 4349 
nvidia-graphics-drivers_304.125-1.dsc
 514d0ac98ab659d287ba1d50cd1cfd33301324d8 106359926 
nvidia-graphics-drivers_304.125.orig.tar.gz
 cfebce62e16638f91bbb6c3b4960313820ae8238 114336 
nvidia-graphics-drivers_304.125-1.debian.tar.gz
Checksums-Sha256: 
 78137623530d7b4f8bf92fcb0cf332a3f409e487fa5491db806e9d0348b75f49 4349 
nvidia-graphics-drivers_304.125-1.dsc
 0435ea1d6253d878d1c761258c99c0785f53e177c5c8a6a55440de01ff63b648 106359926 
nvidia-graphics-drivers_304.125.orig.tar.gz
 575d6b83fb4bfef69612ea33043a6aaabc195f7376301437046173c0e11f9c9b 114336 
nvidia-graphics-drivers_304.125-1.debian.tar.gz
Files: 
 19d03ae238031eab6cc7cd127b104cd9 4349 non-free/libs optional 
nvidia-graphics-drivers_304.125-1.dsc
 ca6abfccfbd42ac5cbf735c1dd83765c 106359926 non-free/libs optional 
nvidia-graphics-drivers_304.125.orig.tar.gz
 7fcbd1982a7d2ed162c37b304b2d2732 114336 non-free/libs optional 
nvidia-graphics-drivers_304.125-1.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUkNU9AAoJEF+zP5NZ6e0ISKUP+gLPscd7znVjRKSHhF/NISS4
JDs4hWlXrZvVFgtGJCBbV7Sjt0KRGEZCK1xGaKGkHAeWgep6KAryRj7hsnJPZ1ge
LIARqXXmfy7wRVNg0FwDvRUxD/bGtXLdCQakxGmw1lnM1SupWuZpG0e/7hJq3B8W
GtyPTYsh02gkXjOUfEizHUaPB3UWSAuoBqVjzG8ly0z+kF/RoKFT5WJs7bH3XAvo
2kre9u3y9c/7WxcoNGplAcrmWqszqxuZI8+8V1RGFFeNxS/AS3V3mW1/ooBcjzEy
qyMPB8quiSkn9+kExtvKSaCdzek/W4hKYIBZMiyO5LrzMvke3OF19/8SyyL1zKLG
RU1qPrYCYYbOq5IhYtF47eKiKmE9Af+g36wJn4I48voMDDvXmLXxUfmCuDJiCAZV
KzMCPq/yBgdLMwpME0yc5kyRnHMouE1Lc8Nzoja5qP9vSnTXiEXjUQdYyoNWaXQr
0woCkZ9UYKMEcHq3lTVL8gx9szxHPBpxU3ix3KHzEgptpXCV5yXRGiCTCcYLreLX
VqgAJitaO6ee6lHWeXqZxgEKGdM6dj8J0SILYIMSsdK8fcglrOpKVGrjjimhIeKy
DKNVRuWyZ9wHDyz50+5nkeCZgyH41Iref1V32TsulfbSukgPikeT+51gVCeOV1jP
AUqohCpDG6frwdYxxAFh
=ygfh
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to