Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: NVIDIA vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Derek Abdine discovered that the NVIDIA Xorg driver did not correctly verify the size of buffers used to render text glyphs. When displaying very long strings of text, the Xorg server would crash. If a user were tricked into viewing a specially crafted series of glyphs, this flaw could be exploited to run arbitrary code with root privileges.
Ubuntu Security Notice USN-377-1          November 03, 2006
linux-restricted-modules-2.6.15, linux-restricted-modules-2.6.17 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:

Ubuntu 6.10:

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Derek Abdine discovered that the NVIDIA Xorg driver did not correctly 
verify the size of buffers used to render text glyphs.  When displaying 
very long strings of text, the Xorg server would crash.  If a user were 
tricked into viewing a specially crafted series of glyphs, this flaw 
could be exploited to run arbitrary code with root privileges.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    93985 860cf848d5a892ba4186fb5e32f95d71
      Size/MD5:     3185 fd345d93d114f214837ff962508a6435
      Size/MD5: 97745908 fb5765cfa2b0fdb06deb54fd6e537772

  Architecture independent packages:
      Size/MD5:    18026 511ba0287932624db24d03e8dc79e685

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   475148 5dda49165c6f7983814b3f16afbee12a
      Size/MD5:  2404976 9bcf05ed37ccfe93776ccd013b30e229
      Size/MD5:    76330 7b603576f7fea73119539f1ab13e616a
      Size/MD5:   510596 6efc07ea0add8578b32690543168e5bf
      Size/MD5:  6861368 6c694708d980e88081536cc88d67a256
      Size/MD5:  6860776 4bce165d50b69d7c8c5d059f9b69f3cf
      Size/MD5:  6837398 043473e222094dc1f67afda0122fd57d
      Size/MD5:   798880 a55cec041afe9f751e2d390989b41e98
      Size/MD5:   497168 c51520e4bb75c3a02f38e6a0250584bf
      Size/MD5:   166868 3d24ae843856bd7a9a5414b5f2df3106
      Size/MD5:   161920 bb23cd9f007b4b3ded1f33f819606c33
      Size/MD5:  6070790 de787ded8f07bb0451cb14a672483eea
      Size/MD5:  7328294 3bd3ab044d0310f4445e6a1f2d945a44
      Size/MD5:  1754438 dfbc5d8345be58adbd5c4393fdfc6645
      Size/MD5:  1405374 f84728215eaab40fd3b2d14be83d2135
      Size/MD5:   125436 d1d73b54a3a8f311c737d9628920a610
      Size/MD5: 17296644 1e31e9bfd5cca7eb4f530fe085208342

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  1204706 0c817291a4221fee929310427e96124c
      Size/MD5:  3692714 4aee7ca54a018293a36f88ac2e67b82a
      Size/MD5:    73244 9f03667b16646576b3aeaf1713338cc8
      Size/MD5:   660622 23b94b55e3545d22ecc369ab97fd57aa
      Size/MD5:  8138584 44e91577e8b3488e8c79e96bdb02f003
      Size/MD5:  7939688 9ec57786ee6e0d4007c11c82532a0195
      Size/MD5:  7938538 71e91037e2557e80ee79e8ebf32c4bc1
      Size/MD5:   798676 db53d667b0c32b49446b084853119743
      Size/MD5:   476048 5b435f2742539568b10aeaa6a796394a
      Size/MD5:   147600 67d4f4c38ed00413dca3b506d2b88292
      Size/MD5:   140040 196548e08e5a8b8eff12af82c1e321d9
      Size/MD5:  3060302 055b0320696d8b528ba718bd7b964e42
      Size/MD5:  4063236 513dd4a98ce192f609b592ceccf93bb5
      Size/MD5:  1693954 937fe24556b5ce58e5fbbb09c86fe747
      Size/MD5:  1401472 6dc14bac0bcc20fa3380f17ec0db3958
      Size/MD5:   110882 1e0a2d00fd12b4209ea4cee6aed0a6bd
      Size/MD5: 10557080 08b07d84b1e031e6292abd9b7e201d09

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  1339776 100c1caf0c79c821481c790ff4b8c78f
      Size/MD5:  1334962 7ebf39deaf741b2ce0995a897b90911c
      Size/MD5:   798758 f1a6d4e2f0305cd926b9404e9bfd79db
      Size/MD5:   508364 d0737826161116ae123462e6ae1f54c4

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   827710 485cea3ab9b8dc70c99596c07b22100d
      Size/MD5:   827628 0d9384446c976ed7a21684e1e80b2c11

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:    91862 0b689112bdb2ed66b79f28491332a004
      Size/MD5:     2609 111b65d72b4f9525795577e41a6f7f44
      Size/MD5: 94291308 1c7b51bee76f372b00e0182dcff2a3f0

  Architecture independent packages:
      Size/MD5:    19968 9fa10c891935212a6a285c97a74997b7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   476564 f506c09973eee4bfb64a46ae1e48f65f
      Size/MD5:  2129856 fce2f208a402b2111526240bc2577dac
      Size/MD5:    77346 6e5b82e4e244c2ee5f31e008316cf60d
      Size/MD5:   547288 e7714816d9e8c9e60f6ec38d6de83ac8
      Size/MD5:  6652086 4cb3732eff52654a388ed98962860369
      Size/MD5:   965670 4c176ca88d07f8532bf31a474117f599
      Size/MD5:   319150 3d687938577004da7944befb541fa632
      Size/MD5:   168262 0f734ab07464e3b802aa6fc12120772b
      Size/MD5:   162198 b724b69b1872e043f5ad1b59af4f4fa2
      Size/MD5:  6082124 cceecbe70074cf7fecc42f5e6b197c59
      Size/MD5:  7330336 c0c9ff9f408597d95bcdc3427d9e654b
      Size/MD5:  1755790 5c90ab4bd3c645e9c4ef4bc2daf6ccda
      Size/MD5:  1383304 260ee7cbf06c3c7d9d088c283b3e6dad
      Size/MD5:    93946 f5e5d5e217cb57b358b67f6ef32b92cb
      Size/MD5:   133336 0a92c5ead9753fbed625e86c1ea12896
      Size/MD5: 16016432 71939c1da3a7ed6628b9a33ca8172cf8

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  1206110 6d1181995e227863f01dee7d37500502
      Size/MD5:  3426564 b753457eef99261a3f4b790cea557791
      Size/MD5:    74670 7761d4ab233473090dc7868293365cb8
      Size/MD5:   701442 da89526ba22b2baf688c42dae37efc23
      Size/MD5:  7886198 2a240f7c12a0c6272b994275e8f7111f
      Size/MD5:  7681650 b766af56929dc612234c7182cee57e0f
      Size/MD5:   965574 7575fb2ff90854d87da08a61710ccdee
      Size/MD5:   292836 7a795982171f93b4437c09655b87a4ee
      Size/MD5:   149072 8c98c4acd0ff30063aca8938f3c202c1
      Size/MD5:   141240 98633bb9a3a9181a943985119845a9b8
      Size/MD5:  3070234 a05664bc89410cec046ba00c4083651f
      Size/MD5:  4066066 eb8326f80e95abedeb5cb8887e04a263
      Size/MD5:  1695240 82f875684987df2ee298094f9994f27c
      Size/MD5:  1374096 69bbc443179f677dba56c756c692768e
      Size/MD5:   140516 bfc8dc70278e143bc989e6a70b36d8a3
      Size/MD5:   117394 041a9a400e42797f6507ca8771bd3d05
      Size/MD5:  9402142 e3510df2f9ec71bd91145a34d6871f8c

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  1284894 3ccdcc03d7dba43075c2612f9b314153
      Size/MD5:   996264 a713b7a6cd554feb298162f8b01d872d
      Size/MD5:  1282526 4905c748a4715e08547766d40b529b97
      Size/MD5:   965668 e99b29e0fc447fc5d87104c4c74d1607
      Size/MD5:   287156 401400fb84e210db0cfc5e61d14b6a4e

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   996226 4482ff1b31be183de52c54f613827af1
      Size/MD5:   996134 7bc5aeb4a421d7fcd4aefaf63572dd00

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
OpenSSL Mystery Patch is No Heartbleed
Study: One-third of top websites vulnerable or hacked
Threat-sharing cybersecurity bill unveiled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.