Advisories MDKSA-2007:007: Updated nvidia driver packages fix vulnerability

[paul]

A vulnerability in the NVIDIA Xorg driver was discovered by Derek

Abdine who found that it did not correctly verify the size of buffers

used to render text glyphs, resulting in a crash of the server when

displaying very long strings of text. If a user was tricked into

viewing a specially crafted series of glyphs, this flaw could be

exploited to run arbitrary code with root privileges.

 

This vulnerability exists in driver versions 1.0-8762 and 1.0-8774 and

is corrected in 1.0-8776 which is being provided with this update.

 

The packages can be found in the non-free/updates media.