A vulnerability in the NVIDIA Xorg driver was discovered by Derek
Abdine who found that it did not correctly verify the size of buffers
used to render text glyphs, resulting in a crash of the server when
displaying very long strings of text. If a user was tricked into
viewing a specially crafted series of glyphs, this flaw could be
exploited to run arbitrary code with root privileges.
This vulnerability exists in driver versions 1.0-8762 and 1.0-8774 and
is corrected in 1.0-8776 which is being provided with this update.
The packages can be found in the non-free/updates media.
Mandriva Linux 2007
3003991cb905b6b320ceabe32cc7a983 2007.0/i586/dkms-nvidia-8776-1mdv2007.0.i586.rpm 2c519b24d141713c423ef9d10c6287de 2007.0/i586/nvidia-8776-1mdv2007.0.i586.rpm 69eff61846795f6a849e2fdd5eb3a2f9 2007.0/i586/nvidia-kernel-2.6.17-5mdv-8776-1mdk.i586.rpm 5a3c611e53ec9d636c3d191e64bc7447 2007.0/i586/nvidia-kernel-2.6.17-5mdventerprise-8776-1mdk.i586.rpm 82ac29835942c5de7a3b0d72c5212b8d 2007.0/i586/nvidia-kernel-2.6.17-5mdvlegacy-8776-1mdk.i586.rpm
Mandriva Linux 2007/X86_64
03b3098b8f73457af6045dc5d9cf1cc7 2007.0/x86_64/dkms-nvidia-8776-1mdv2007.0.x86_64.rpm 7549687671abb40f1cffc85d73699c68 2007.0/x86_64/nvidia-8776-1mdv2007.0.x86_64.rpm 3a7d4c53a90033c1ab029f285abf39e5 2007.0/x86_64/nvidia-kernel-2.6.17-5mdv-8776-1mdk.x86_64.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.