Package name nvidia
Date January 10th, 2007
Advisory ID MDKSA-2007:007
Affected versions 2007.0
Synopsis Updated nvidia driver packages fix vulnerability

Problem Description

A vulnerability in the NVIDIA Xorg driver was discovered by Derek
Abdine who found that it did not correctly verify the size of buffers
used to render text glyphs, resulting in a crash of the server when
displaying very long strings of text. If a user was tricked into
viewing a specially crafted series of glyphs, this flaw could be
exploited to run arbitrary code with root privileges.

This vulnerability exists in driver versions 1.0-8762 and 1.0-8774 and
is corrected in 1.0-8776 which is being provided with this update.

The packages can be found in the non-free/updates media.

Updated Packages

Mandriva Linux 2007

 3003991cb905b6b320ceabe32cc7a983  2007.0/i586/dkms-nvidia-8776-1mdv2007.0.i586.rpm
 2c519b24d141713c423ef9d10c6287de  2007.0/i586/nvidia-8776-1mdv2007.0.i586.rpm
 69eff61846795f6a849e2fdd5eb3a2f9  2007.0/i586/nvidia-kernel-2.6.17-5mdv-8776-1mdk.i586.rpm
 5a3c611e53ec9d636c3d191e64bc7447  2007.0/i586/nvidia-kernel-2.6.17-5mdventerprise-8776-1mdk.i586.rpm
 82ac29835942c5de7a3b0d72c5212b8d  2007.0/i586/nvidia-kernel-2.6.17-5mdvlegacy-8776-1mdk.i586.rpm

Mandriva Linux 2007/X86_64

 03b3098b8f73457af6045dc5d9cf1cc7  2007.0/x86_64/dkms-nvidia-8776-1mdv2007.0.x86_64.rpm
 7549687671abb40f1cffc85d73699c68  2007.0/x86_64/nvidia-8776-1mdv2007.0.x86_64.rpm
 3a7d4c53a90033c1ab029f285abf39e5  2007.0/x86_64/nvidia-kernel-2.6.17-5mdv-8776-1mdk.x86_64.rpm



To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.