diff options
author | simon <simon@FreeBSD.org> | 2006-10-21 06:32:30 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2006-10-21 06:32:30 +0800 |
commit | f6b492be2dbb483907b9b25b153792647e65eb7a (patch) | |
tree | c99716b3d97c2d2a961071c0a1bee7fbf5618aee /security/vuxml | |
parent | e04ab49dc93c8d373b490ac5507e5bc25e3c884d (diff) | |
download | freebsd-ports-gnome-f6b492be2dbb483907b9b25b153792647e65eb7a.tar.gz freebsd-ports-gnome-f6b492be2dbb483907b9b25b153792647e65eb7a.tar.zst freebsd-ports-gnome-f6b492be2dbb483907b9b25b153792647e65eb7a.zip |
Update entry for nvidia-driver -- arbitrary root code execution
vulnerability:
- Add new info about vulnerable versions from NVIDIA.
- Add workaround.
- Add more references.
- Remove suggestion to move to "nv" driver now that we have a simpler
workaround.
Approved by: portmgr (secteam blanket)
Parts submitted by: mnag
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b0f4c0caa461..df048ebf2f0c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -239,7 +239,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>nvidia-driver</name> - <range><gt>0</gt></range> + <range><gt>1.0.8762</gt><lt>1.0.8776</lt></range> </package> </affects> <description> @@ -255,18 +255,23 @@ Note: Please add new entries to the beginning of this file. advisory.</p> <p>The NVIDIA drivers for Solaris and FreeBSD are also likely to be vulnerable.</p> - <p>4. Solution</p> - <p>Disable the binary blob driver and use the open-source - "nv" driver that is included by default with X.</p> </blockquote> + <p>Disabling Render acceleration in the "nvidia" driver, via + the "RenderAccel" X configuration option, can be used as a + workaround for this issue.</p> </body> </description> <references> + <certvu>147252</certvu> + <cvename>CVE-2006-5379</cvename> + <url>http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971</url> + <url>http://secunia.com/advisories/22419/</url> <url>http://www.rapid7.com/advisories/R7-0025.jsp</url> </references> <dates> <discovery>2006-10-16</discovery> <entry>2006-10-16</entry> + <modified>2006-10-21</modified> </dates> </vuln> |