Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

[Andreas Beckmann]

On 2018-03-30 16:20, Luca Boccassi wrote:
> It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
> to Mesa, even when update-glx --glx nvidia is used:
> 
> lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
> lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1

Is this with the libglvnd libgl1 from stretch-backports installed? Then
this is intentional.
If backports breaks after updating stable, let's fix backports, not stable,

> I guess that was done for glvnd? But this happens with the stretch-
> backports version too, is that right?

I'm not sure what the problem is here exactly ...  and how to reproduce
it in a minimal stretch chroot ...

> Changing those symlinks manually to the nvidia version fixes the
> problem.

Pointing to what?



Andreas

BTW, is 390.48 compatible with libglvnd in testing?