Bug#684781: nvidia-glx: exploitable privilege escalation

Salvatore Bonaccorso carnil at debian.org
Mon Aug 13 19:35:58 UTC 2012


Hi Andreas

Only one additional information to your report:

On Mon, Aug 13, 2012 at 09:27:44PM +0200, Andreas Beckmann wrote:
> Package: nvidia-glx
> Version: 195.36.31-6
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> There is another privilege escalation in the Nvidia binary driver.
> Nvidia Advisory: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
> Initial disclosure of the vulnerability:
>   http://permalink.gmane.org/gmane.comp.security.full-disclosure/86747
> CVE not assigned or unknown

CVE ist now assigned[1]: CVE-2012-4225
 
 [1]: http://www.openwall.com/lists/oss-security/2012/08/08/4

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20120813/021a55df/attachment.pgp>


More information about the pkg-nvidia-devel mailing list