Date: Fri, 10 Aug 2012 15:35:33 +0100 From: "Simon L. B. Nielsen" <simon@qxnitro.org> To: Wesley Shields <wxs@freebsd.org> Cc: Alexey Dokuchaev <danfe@freebsd.org>, Doug Barton <dougb@freebsd.org>, Oliver Pinter <oliver.pntr@gmail.com>, freebsd security <freebsd-security@freebsd.org>, Rainer Hurling <rhurlin@gwdg.de>, freebsd-ports@freebsd.org Subject: Re: [Full-disclosure] nvidia linux binary driver priv escalation exploit Message-ID: <CAC8HS2HKvDj0GsFToG0zOjTpF%2Bh-Dx9C%2BwoUhX97j2DyFpC9wg@mail.gmail.com> In-Reply-To: <20120808123843.GA31238@atarininja.org> References: <CAPjTQNHv9CiLYu-r3OHHZfF1HhHYL7yuiefjOD8BqZm8hi3o=Q@mail.gmail.com> <501F7A35.5080207@FreeBSD.org> <501FAF5E.6090101@gwdg.de> <20120808103406.GA56960@FreeBSD.org> <20120808123843.GA31238@atarininja.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 8, 2012 at 1:38 PM, Wesley Shields <wxs@freebsd.org> wrote: > On Wed, Aug 08, 2012 at 10:34:06AM +0000, Alexey Dokuchaev wrote: >> On Mon, Aug 06, 2012 at 01:49:50PM +0200, Rainer Hurling wrote: >> > Am 06.08.2012 10:03 (UTC+1) schrieb Doug Barton: >> > >On 08/01/2012 05:09, Oliver Pinter wrote: >> > >>I found this today on FD: >> > >> >> > >>http://seclists.org/fulldisclosure/2012/Aug/4 >> > > >> > >Apparently this affects us as well. Any news? >> > >> > Thanks for the info. I had been not aware of it before. >> > >> > NVidia has released a driver version 304.32 for FreeBSD i386 and amd64, >> > which should remedy these security issues. >> >> Luckily, they've released version 295.71 which is on Long Lived Branch. I >> will update the port shortly. > > Thank you! > >> VuXML entry will have to follow separately, as it is unclear whether new CVE >> number will be assigned or not. > > You can do the VuXML without a CVE for now and update it when/if one is > assigned. Eh, why wouldn't a CVE name not be assigned? If none is we should ask MITRE to assign one, but it would surprise me if NVIDIA or a Linux vendor hasn't done this already. -- Simon L. B. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAC8HS2HKvDj0GsFToG0zOjTpF%2Bh-Dx9C%2BwoUhX97j2DyFpC9wg>