svn commit: r315767 - head/security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Tue Apr 9 01:18:59 UTC 2013
Author: bdrewery
Date: Tue Apr 9 01:18:58 2013
New Revision: 315767
URL: http://svnweb.freebsd.org/changeset/ports/315767
Log:
- Document CVE-2013-0131 for nvidia-driver
Submitted by: danfe
Approved by: portmgr (implicit)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Apr 8 21:26:54 2013 (r315766)
+++ head/security/vuxml/vuln.xml Tue Apr 9 01:18:58 2013 (r315767)
@@ -51,6 +51,40 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1431f2d6-a06e-11e2-b9e0-001636d274f3">
+ <topic>NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode</topic>
+ <affects>
+ <package>
+ <name>nvidia-driver</name>
+ <range><gt>304.88</gt><lt>310.44</lt></range>
+ <range><ge>195.22</ge><lt>304.88</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVIDIA Unix security team reports:</p>
+ <blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/3290">
+ <p>When the NVIDIA driver for the X Window System is operated in
+ "NoScanout" mode, and an X client installs an ARGB cursor that
+ is larger than the expected size (64x64 or 256x256, depending on
+ the driver version), the driver will overflow a buffer. This
+ can cause a denial of service (e.g., an X server segmentation
+ fault), or could be exploited to achieve arbitrary code
+ execution. Because the X server runs as setuid root in many
+ configurations, an attacker could potentially use this
+ vulnerability in those configurations to gain root privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0131</cvename>
+ </references>
+ <dates>
+ <discovery>2013-03-27</discovery>
+ <entry>2013-04-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="cebed39d-9e6f-11e2-b3f5-003067c2616f">
<topic>opera -- moderately severe issue</topic>
<affects>
More information about the svn-ports-all
mailing list