Date: Tue, 9 Apr 2013 01:18:58 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r315767 - head/security/vuxml Message-ID: <201304090118.r391IwBn096908@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Tue Apr 9 01:18:58 2013 New Revision: 315767 URL: http://svnweb.freebsd.org/changeset/ports/315767 Log: - Document CVE-2013-0131 for nvidia-driver Submitted by: danfe Approved by: portmgr (implicit) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Apr 8 21:26:54 2013 (r315766) +++ head/security/vuxml/vuln.xml Tue Apr 9 01:18:58 2013 (r315767) @@ -51,6 +51,40 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1431f2d6-a06e-11e2-b9e0-001636d274f3"> + <topic>NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode</topic> + <affects> + <package> + <name>nvidia-driver</name> + <range><gt>304.88</gt><lt>310.44</lt></range> + <range><ge>195.22</ge><lt>304.88</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVIDIA Unix security team reports:</p> + <blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/3290"> + <p>When the NVIDIA driver for the X Window System is operated in + "NoScanout" mode, and an X client installs an ARGB cursor that + is larger than the expected size (64x64 or 256x256, depending on + the driver version), the driver will overflow a buffer. This + can cause a denial of service (e.g., an X server segmentation + fault), or could be exploited to achieve arbitrary code + execution. Because the X server runs as setuid root in many + configurations, an attacker could potentially use this + vulnerability in those configurations to gain root privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-0131</cvename> + </references> + <dates> + <discovery>2013-03-27</discovery> + <entry>2013-04-08</entry> + </dates> + </vuln> + <vuln vid="cebed39d-9e6f-11e2-b3f5-003067c2616f"> <topic>opera -- moderately severe issue</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304090118.r391IwBn096908>