Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
Luca Boccassi
bluca at debian.org
Wed Apr 4 23:57:14 UTC 2018
On Wed, 2018-04-04 at 00:25 +0200, Andreas Beckmann wrote:
> On 2018-03-30 16:20, Luca Boccassi wrote:
> > It's due to the updated glx-alternative-foo sets the libGL.so.1
> > symlink
> > to Mesa, even when update-glx --glx nvidia is used:
> >
> > lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx
> > --libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-
> > gnu/libGL.so.1
> > lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx
> > --libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-
> > linux-gnu/libGL.so.1
>
> Is this with the libglvnd libgl1 from stretch-backports installed?
> Then
> this is intentional.
> If backports breaks after updating stable, let's fix backports, not
> stable,
>
> > I guess that was done for glvnd? But this happens with the stretch-
> > backports version too, is that right?
>
> I'm not sure what the problem is here exactly ... and how to
> reproduce
> it in a minimal stretch chroot ...
>
> > Changing those symlinks manually to the nvidia version fixes the
> > problem.
>
> Pointing to what?
Gah, of course I had libglvnd from bpo. I always, always forget to
remove it when moving back and forth...
Sorry for the noise, works fine after removing those.
Do you need any help with these uploads? Would you like me to create
the tickets for the release team, or do the upload to unstable of 390?
--
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20180405/f9a029a6/attachment.sig>
More information about the pkg-nvidia-devel
mailing list