aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2006-10-21 06:32:30 +0800
committersimon <simon@FreeBSD.org>2006-10-21 06:32:30 +0800
commitf6b492be2dbb483907b9b25b153792647e65eb7a (patch)
treec99716b3d97c2d2a961071c0a1bee7fbf5618aee /security/vuxml
parente04ab49dc93c8d373b490ac5507e5bc25e3c884d (diff)
downloadfreebsd-ports-gnome-f6b492be2dbb483907b9b25b153792647e65eb7a.tar.gz
freebsd-ports-gnome-f6b492be2dbb483907b9b25b153792647e65eb7a.tar.zst
freebsd-ports-gnome-f6b492be2dbb483907b9b25b153792647e65eb7a.zip
Update entry for nvidia-driver -- arbitrary root code execution
vulnerability: - Add new info about vulnerable versions from NVIDIA. - Add workaround. - Add more references. - Remove suggestion to move to "nv" driver now that we have a simpler workaround. Approved by: portmgr (secteam blanket) Parts submitted by: mnag
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml13
1 files changed, 9 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b0f4c0caa461..df048ebf2f0c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -239,7 +239,7 @@ Note: Please add new entries to the beginning of this file.
<affects>
<package>
<name>nvidia-driver</name>
- <range><gt>0</gt></range>
+ <range><gt>1.0.8762</gt><lt>1.0.8776</lt></range>
</package>
</affects>
<description>
@@ -255,18 +255,23 @@ Note: Please add new entries to the beginning of this file.
advisory.</p>
<p>The NVIDIA drivers for Solaris and FreeBSD are also
likely to be vulnerable.</p>
- <p>4. Solution</p>
- <p>Disable the binary blob driver and use the open-source
- "nv" driver that is included by default with X.</p>
</blockquote>
+ <p>Disabling Render acceleration in the "nvidia" driver, via
+ the "RenderAccel" X configuration option, can be used as a
+ workaround for this issue.</p>
</body>
</description>
<references>
+ <certvu>147252</certvu>
+ <cvename>CVE-2006-5379</cvename>
+ <url>http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971</url>
+ <url>http://secunia.com/advisories/22419/</url>
<url>http://www.rapid7.com/advisories/R7-0025.jsp</url>
</references>
<dates>
<discovery>2006-10-16</discovery>
<entry>2006-10-16</entry>
+ <modified>2006-10-21</modified>
</dates>
</vuln>