Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Andreas Beckmann anbe at debian.org
Tue Apr 3 22:25:19 UTC 2018

On 2018-03-30 16:20, Luca Boccassi wrote:
> It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
> to Mesa, even when update-glx --glx nvidia is used:
> lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
> lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1

Is this with the libglvnd libgl1 from stretch-backports installed? Then
this is intentional.
If backports breaks after updating stable, let's fix backports, not stable,

> I guess that was done for glvnd? But this happens with the stretch-
> backports version too, is that right?

I'm not sure what the problem is here exactly ...  and how to reproduce
it in a minimal stretch chroot ...

> Changing those symlinks manually to the nvidia version fixes the
> problem.

Pointing to what?


BTW, is 390.48 compatible with libglvnd in testing?

More information about the pkg-nvidia-devel mailing list