Advisory: ==================== A security vulnerability has been found in the NVIDIA proprietary driver which allows any process to reconfigure the GPU and gain access to arbitrary system memory (CVE-2012-0946). This vulnerability has been classified as high risk by NVIDIA. This update for the legacy nvidia-96xx driver addresses the issue. References: http://nvidia.custhelp.com/app/answers/detail/a_id/3109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0946 ==================== The following packages have been uploaded to mga1 nonfree/updates_testing: dkms-nvidia96xx-96.43.20-1.2.mga1 nvidia96xx-cuda-96.43.20-1.2.mga1 nvidia96xx-devel-96.43.20-1.2.mga1 nvidia96xx-doc-html-96.43.20-1.2.mga1 x11-driver-video-nvidia96xx-96.43.20-1.2.mga1 Source package: nvidia-96xx-96.43.20-1.2.mga1 No testcase for the vulnerability is available.
Component: RPM Packages => Security
Given the security risk is considered high, I think we should go ahead and validate this update, even though no testers have come forward. I have confirmed that the packages install cleanly and the kernel module compiles ok, on my i586 system.
CC: (none) => davidwhodgins
Validating the update. Could someone from the sysadmin team push the srpm nvidia-96xx-96.43.20-1.2.mga1 from Mageia 1 Nonfree Updates Testing to Nonfree Updates. Advisory: A security vulnerability has been found in the NVIDIA proprietary driver which allows any process to reconfigure the GPU and gain access to arbitrary system memory (CVE-2012-0946). This vulnerability has been classified as high risk by NVIDIA. This update for the legacy nvidia-96xx driver addresses the issue. References: http://nvidia.custhelp.com/app/answers/detail/a_id/3109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0946 https://bugs.mageia.org/show_bug.cgi?id=5355
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0132
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED