-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:007 http://www.mandriva.com/security/ _______________________________________________________________________ Package : krb5 Date : January 10, 2007 Affected: 2007.0 _______________________________________________________________________ Problem Description: A vulnerability in the NVIDIA Xorg driver was discovered by Derek Abdine who found that it did not correctly verify the size of buffers used to render text glyphs, resulting in a crash of the server when displaying very long strings of text. If a user was tricked into viewing a specially crafted series of glyphs, this flaw could be exploited to run arbitrary code with root privileges. This vulnerability exists in driver versions 1.0-8762 and 1.0-8774 and is corrected in 1.0-8776 which is being provided with this update. The packages can be found in the non-free/updates media. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 3003991cb905b6b320ceabe32cc7a983 2007.0/i586/dkms-nvidia-8776-1mdv2007.0.i586.rpm 2c519b24d141713c423ef9d10c6287de 2007.0/i586/nvidia-8776-1mdv2007.0.i586.rpm 69eff61846795f6a849e2fdd5eb3a2f9 2007.0/i586/nvidia-kernel-2.6.17-5mdv-8776-1mdk.i586.rpm 5a3c611e53ec9d636c3d191e64bc7447 2007.0/i586/nvidia-kernel-2.6.17-5mdventerprise-8776-1mdk.i586.rpm 82ac29835942c5de7a3b0d72c5212b8d 2007.0/i586/nvidia-kernel-2.6.17-5mdvlegacy-8776-1mdk.i586.rpm Mandriva Linux 2007.0/X86_64: 03b3098b8f73457af6045dc5d9cf1cc7 2007.0/x86_64/dkms-nvidia-8776-1mdv2007.0.x86_64.rpm 7549687671abb40f1cffc85d73699c68 2007.0/x86_64/nvidia-8776-1mdv2007.0.x86_64.rpm 3a7d4c53a90033c1ab029f285abf39e5 2007.0/x86_64/nvidia-kernel-2.6.17-5mdv-8776-1mdk.x86_64.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFpYpumqjQ0CJFipgRAjS0AJ4sh2Y8FzwqOs6QcrXvBMypEZGQWgCeLtzs NOa++IRzhzj1sW8WFS6QmAw= =x42v -----END PGP SIGNATURE-----