Bug#684781: nvidia-glx: exploitable privilege escalation

Mon Aug 13 19:27:44 UTC 2012

Package: nvidia-glx
Version: 195.36.31-6
Severity: grave
Tags: security
Justification: user security hole

There is another privilege escalation in the Nvidia binary driver.
Nvidia Advisory: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Initial disclosure of the vulnerability:
  http://permalink.gmane.org/gmane.comp.security.full-disclosure/86747
CVE not assigned or unknown

affected:
  squeeze
    nvidia-graphics-drivers (195.36.31-6, 195.36.31-6squeeze1)
    nvidia-graphics-modules (195.36.31+2, 195.36.31+3)
    nvidia-graphics-drivers-legacy-173xx (173.14.27-2)
  squeeze-backports
    nvidia-graphics-drivers (295.59-1~bpo60+1)
    nvidia-graphics-drivers-legacy-173xx (173.14.35-1~bpo60+1)
  wheezy/sid
    nvidia-graphics-drivers (302.17-3)
    nvidia-graphics-modules (302.17+1, 302.17+2)
    nvidia-graphics-drivers-legacy-173xx (173.14.35-2)

probably unaffected:
  nvidia-graphics-drivers-legacy-96xx (squeeze only)

fixed (according to Nvidia Advisory):
  304.32 (beta)
    experimental (304.32-1)
  295.71 (long term stable branch)

patch for older versions available, but may disable some fucntionality
(e.g. CUDA debugger)

Andreas