nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Debian Bug report logs - #894338
nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: submit@bugs.debian.org

Subject: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Thu, 29 Mar 2018 11:11:59 +0100

[Message part 1 (text/plain, inline)]

Source: nvidia-graphics-drivers
Version: 384.111
Severity: serious
Tags: security upstream

http://nvidia.custhelp.com/app/answers/detail/a_id/4649

CVE-2018-6249

NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer
handler where a NULL pointer dereference may lead to denial of service
or potential escalation of privileges.

CVE-2018-6253

NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
OpenGL Usermode drivers where a specially crafted pixel shader can
cause infinite recursion leading to denial of service.

Fixed versions:

R390	390.46
R384	384.125

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Thu, 29 Mar 2018 12:54:37 +0100

[Message part 1 (text/plain, inline)]

Control: found -1 384.111-4
Control: found -1 390.42-1Control: notfound -1 384.111

On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> Source: nvidia-graphics-drivers
> Version: 384.111
> Severity: serious
> Tags: security upstream
> 
> http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> 
> CVE-2018-6249
> 
> NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> layer
> handler where a NULL pointer dereference may lead to denial of
> service
> or potential escalation of privileges.
> 
> CVE-2018-6253
> 
> NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
> OpenGL Usermode drivers where a specially crafted pixel shader can
> cause infinite recursion leading to denial of service.
> 
> Fixed versions:
> 
> R390	390.46
> R384	384.125

Andreas,

I've tested 384.130 on Stretch and it seems to be working fine (I've
only build-tested 390.48).

Is it worth going through backports or shall we just go directly to
stretch-p-u given the CVE?

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #17 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Ivan Kozik <ivan@ludios.org>

To: Luca Boccassi <bluca@debian.org>, 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Fri, 30 Mar 2018 02:10:48 +0000

The 384-stretch@7949 commit with nvidia-graphics-drivers
(384.130-0svn1) is also working for me on stretch after fixing the
libGL.so.1 symlink in debian/libgl1-glvnd-nvidia-glx.links.in to point
to libGL.so.1.7.0; not sure if you caught that already.

Best,

Ivan

Message #22 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Fri, 30 Mar 2018 13:10:29 +0100

[Message part 1 (text/plain, inline)]

On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> Control: found -1 384.111-4
> Control: found -1 390.42-1Control: notfound -1 384.111
> 
> On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > Source: nvidia-graphics-drivers
> > Version: 384.111
> > Severity: serious
> > Tags: security upstream
> > 
> > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > 
> > CVE-2018-6249
> > 
> > NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> > layer
> > handler where a NULL pointer dereference may lead to denial of
> > service
> > or potential escalation of privileges.
> > 
> > CVE-2018-6253
> > 
> > NVIDIA GPU Display Driver contains a vulnerability in the DirectX
> > and
> > OpenGL Usermode drivers where a specially crafted pixel shader can
> > cause infinite recursion leading to denial of service.
> > 
> > Fixed versions:
> > 
> > R390	390.46
> > R384	384.125
> 
> Andreas,
> 
> I've tested 384.130 on Stretch and it seems to be working fine (I've
> only build-tested 390.48).
> 
> Is it worth going through backports or shall we just go directly to
> stretch-p-u given the CVE?

Sounds like I spoke too soon - I only tested the non-glvnd
installation. The glvnd one is borken (even with the symlink fix):

Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-session/gnome-session-check-accelerated-gl-helper: error while loading shared libraries: libGL.so.1: cannot open shared object file: No such file or directory 
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-check-accelerated: GL Helper exited with code 32512
Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter.
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter.
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: Unrecoverable failure in required component org.gnome.Shell.desktop
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init server: Could not connect: Connection refused
Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault at 0 ip 00007fa9db697e19 sp 00007ffebc6e5cb0 error 4 in libgtk-3.so.0.2200.11[7fa9db3b5000+700000]

Did I forget to update some path? In glx-alternatives perhaps?

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #27 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Fri, 30 Mar 2018 15:12:58 +0100

[Message part 1 (text/plain, inline)]

On Fri, 2018-03-30 at 13:10 +0100, Luca Boccassi wrote:
> On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> > Control: found -1 384.111-4
> > Control: found -1 390.42-1Control: notfound -1 384.111
> > 
> > On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > > Source: nvidia-graphics-drivers
> > > Version: 384.111
> > > Severity: serious
> > > Tags: security upstream
> > > 
> > > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > > 
> > > CVE-2018-6249
> > > 
> > > NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> > > layer
> > > handler where a NULL pointer dereference may lead to denial of
> > > service
> > > or potential escalation of privileges.
> > > 
> > > CVE-2018-6253
> > > 
> > > NVIDIA GPU Display Driver contains a vulnerability in the DirectX
> > > and
> > > OpenGL Usermode drivers where a specially crafted pixel shader
> > > can
> > > cause infinite recursion leading to denial of service.
> > > 
> > > Fixed versions:
> > > 
> > > R390	390.46
> > > R384	384.125
> > 
> > Andreas,
> > 
> > I've tested 384.130 on Stretch and it seems to be working fine
> > (I've
> > only build-tested 390.48).
> > 
> > Is it worth going through backports or shall we just go directly to
> > stretch-p-u given the CVE?
> 
> Sounds like I spoke too soon - I only tested the non-glvnd
> installation. The glvnd one is borken (even with the symlink fix):
> 
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-
> session/gnome-session-check-accelerated-gl-helper: error while
> loading shared libraries: libGL.so.1: cannot open shared object file:
> No such file or directory 
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> check-accelerated: GL Helper exited with code 32512
> Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize
> Clutter: Unable to initialize the Clutter backend: no available
> drivers found.
> Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize
> Clutter.
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code
> 1
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App
> 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize
> Clutter: Unable to initialize the Clutter backend: no available
> drivers found.
> Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize
> Clutter.
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code
> 1
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too
> quickly
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App
> 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]:
> Unrecoverable failure in required component org.gnome.Shell.desktop
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App
> 'org.gnome.Shell.desktop' respawning too quickly
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init
> server: Could not connect: Connection refused
> Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault
> at 0 ip 00007fa9db697e19 sp 00007ffebc6e5cb0 error 4 in libgtk-
> 3.so.0.2200.11[7fa9db3b5000+700000]
> 
> Did I forget to update some path? In glx-alternatives perhaps?

I had forgot to update glx-alt to the version in backports, d'oh. But
after doing so Gnome still fails to start, with a different error:

Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: No matching fbConfigs or visuals found
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: failed to load driver: swrast
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: X Error of failed request:  GLXBadContext
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Major opcode of failed request:  154 (GLX)
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Minor opcode of failed request:  6 (X_GLXIsDirect)
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Serial number of failed request:  95
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Current serial number in output stream:  94

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #32 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Fri, 30 Mar 2018 15:20:37 +0100

[Message part 1 (text/plain, inline)]

On Fri, 2018-03-30 at 15:12 +0100, Luca Boccassi wrote:
> On Fri, 2018-03-30 at 13:10 +0100, Luca Boccassi wrote:
> > On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> > > Control: found -1 384.111-4
> > > Control: found -1 390.42-1Control: notfound -1 384.111
> > > 
> > > On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > > > Source: nvidia-graphics-drivers
> > > > Version: 384.111
> > > > Severity: serious
> > > > Tags: security upstream
> > > > 
> > > > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > > > 
> > > > CVE-2018-6249
> > > > 
> > > > NVIDIA GPU Display Driver contains a vulnerability in kernel
> > > > mode
> > > > layer
> > > > handler where a NULL pointer dereference may lead to denial of
> > > > service
> > > > or potential escalation of privileges.
> > > > 
> > > > CVE-2018-6253
> > > > 
> > > > NVIDIA GPU Display Driver contains a vulnerability in the
> > > > DirectX
> > > > and
> > > > OpenGL Usermode drivers where a specially crafted pixel shader
> > > > can
> > > > cause infinite recursion leading to denial of service.
> > > > 
> > > > Fixed versions:
> > > > 
> > > > R390	390.46
> > > > R384	384.125
> > > 
> > > Andreas,
> > > 
> > > I've tested 384.130 on Stretch and it seems to be working fine
> > > (I've
> > > only build-tested 390.48).
> > > 
> > > Is it worth going through backports or shall we just go directly
> > > to
> > > stretch-p-u given the CVE?
> > 
> > Sounds like I spoke too soon - I only tested the non-glvnd
> > installation. The glvnd one is borken (even with the symlink fix):
> > 
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-
> > session/gnome-session-check-accelerated-gl-helper: error while
> > loading shared libraries: libGL.so.1: cannot open shared object
> > file:
> > No such file or directory 
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> > check-accelerated: GL Helper exited with code 32512
> > Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to
> > initialize
> > Clutter: Unable to initialize the Clutter backend: no available
> > drivers found.
> > Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to
> > initialize
> > Clutter.
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> > binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with
> > code
> > 1
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING:
> > App
> > 'org.gnome.Shell.desktop' exited with code 1
> > Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to
> > initialize
> > Clutter: Unable to initialize the Clutter backend: no available
> > drivers found.
> > Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to
> > initialize
> > Clutter.
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> > binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with
> > code
> > 1
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-
> > binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too
> > quickly
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING:
> > App
> > 'org.gnome.Shell.desktop' exited with code 1
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]:
> > Unrecoverable failure in required component org.gnome.Shell.desktop
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING:
> > App
> > 'org.gnome.Shell.desktop' respawning too quickly
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init
> > server: Could not connect: Connection refused
> > Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]:
> > segfault
> > at 0 ip 00007fa9db697e19 sp 00007ffebc6e5cb0 error 4 in libgtk-
> > 3.so.0.2200.11[7fa9db3b5000+700000]
> > 
> > Did I forget to update some path? In glx-alternatives perhaps?
> 
> I had forgot to update glx-alt to the version in backports, d'oh. But
> after doing so Gnome still fails to start, with a different error:
> 
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL
> error: No matching fbConfigs or visuals found
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL
> error: failed to load driver: swrast
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: X Error
> of failed request:  GLXBadContext
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Major
> opcode of failed request:  154 (GLX)
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Minor
> opcode of failed request:  6 (X_GLXIsDirect)
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Serial
> number of failed request:  95
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Current
> serial number in output stream:  94

It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
to Mesa, even when update-glx --glx nvidia is used:

lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1

I guess that was done for glvnd? But this happens with the stretch-
backports version too, is that right?
Changing those symlinks manually to the nvidia version fixes the
problem.

Andreas, what should we do here for Stretch? If we update stretch to
384.130 we'll need the new glx-alternative too as they updated the
SONAMEs (a bit strange for an LTS branch), but as-is it will be borken,
unless I'm missing something.

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #37 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: Luca Boccassi <bluca@debian.org>, 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Tue, 3 Apr 2018 21:33:52 +0200

On 2018-03-30 16:20, Luca Boccassi wrote:
> Andreas, what should we do here for Stretch? If we update stretch to
> 384.130 we'll need the new glx-alternative too as they updated the
> SONAMEs (a bit strange for an LTS branch), but as-is it will be borken,
> unless I'm missing something.

I prepared a stretch update for glx-alternatives in branch stretch.


Andreas

Message #42 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Tue, 03 Apr 2018 21:17:05 +0100

[Message part 1 (text/plain, inline)]

On Tue, 2018-04-03 at 21:33 +0200, Andreas Beckmann wrote:
> On 2018-03-30 16:20, Luca Boccassi wrote:
> > Andreas, what should we do here for Stretch? If we update stretch
> > to
> > 384.130 we'll need the new glx-alternative too as they updated the
> > SONAMEs (a bit strange for an LTS branch), but as-is it will be
> > borken,
> > unless I'm missing something.
> 
> I prepared a stretch update for glx-alternatives in branch stretch.
> 
> 
> Andreas

Shouldn't this be reverted too:

https://salsa.debian.org/nvidia-team/glx-alternatives/commit/30014d629d71ae2400a0aae8533089daec23d8c9

Or another solution found? As it is right now, it won't work in stretch
as mentioned in my previous mail

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #47 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: Luca Boccassi <bluca@debian.org>, 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Wed, 4 Apr 2018 00:25:19 +0200

On 2018-03-30 16:20, Luca Boccassi wrote:
> It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
> to Mesa, even when update-glx --glx nvidia is used:
> 
> lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
> lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1

Is this with the libglvnd libgl1 from stretch-backports installed? Then
this is intentional.
If backports breaks after updating stable, let's fix backports, not stable,

> I guess that was done for glvnd? But this happens with the stretch-
> backports version too, is that right?

I'm not sure what the problem is here exactly ...  and how to reproduce
it in a minimal stretch chroot ...

> Changing those symlinks manually to the nvidia version fixes the
> problem.

Pointing to what?



Andreas

BTW, is 390.48 compatible with libglvnd in testing?

Message #52 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: Luca Boccassi <bluca@debian.org>, 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Wed, 4 Apr 2018 00:29:53 +0200

On 2018-04-03 22:17, Luca Boccassi wrote:
> Shouldn't this be reverted too:
> 
> https://salsa.debian.org/nvidia-team/glx-alternatives/commit/30014d629d71ae2400a0aae8533089daec23d8c9

No, this should do the right thing on stretch, too.
The old code in stretch is broken in some corner cases.


Andreas

Message #57 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Luca Boccassi <bluca@debian.org>

To: 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Thu, 05 Apr 2018 00:57:14 +0100

[Message part 1 (text/plain, inline)]

On Wed, 2018-04-04 at 00:25 +0200, Andreas Beckmann wrote:
> On 2018-03-30 16:20, Luca Boccassi wrote:
> > It's due to the updated glx-alternative-foo sets the libGL.so.1
> > symlink
> > to Mesa, even when update-glx --glx nvidia is used:
> > 
> > lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx
> > --libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-
> > gnu/libGL.so.1
> > lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx
> > --libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-
> > linux-gnu/libGL.so.1
> 
> Is this with the libglvnd libgl1 from stretch-backports installed?
> Then
> this is intentional.
> If backports breaks after updating stable, let's fix backports, not
> stable,
> 
> > I guess that was done for glvnd? But this happens with the stretch-
> > backports version too, is that right?
> 
> I'm not sure what the problem is here exactly ...  and how to
> reproduce
> it in a minimal stretch chroot ...
> 
> > Changing those symlinks manually to the nvidia version fixes the
> > problem.
> 
> Pointing to what?

Gah, of course I had libglvnd from bpo. I always, always forget to
remove it when moving back and forth...

Sorry for the noise, works fine after removing those.

Do you need any help with these uploads? Would you like me to create
the tickets for the release team, or do the upload to unstable of 390?

-- 
Kind regards,
Luca Boccassi

[signature.asc (application/pgp-signature, inline)]

Message #62 received at 894338-close@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: 894338-close@bugs.debian.org

Subject: Bug#894338: fixed in nvidia-graphics-drivers 390.48-1

Date: Thu, 05 Apr 2018 16:44:15 +0000

Source: nvidia-graphics-drivers
Source-Version: 390.48-1

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894338@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated nvidia-graphics-drivers package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 05 Apr 2018 17:51:02 +0200
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin nvidia-driver-libs nvidia-driver-libs-i386 nvidia-driver-libs-nonglvnd nvidia-driver-libs-nonglvnd-i386 xserver-xorg-video-nvidia nvidia-legacy-check libglvnd0-nvidia libopengl0-glvnd-nvidia libglx0-glvnd-nvidia libglx-nvidia0 libgl1-glvnd-nvidia-glx libgl1-nvidia-glvnd-glx libgl1-nvidia-glx libnvidia-glcore libegl1-glvnd-nvidia libegl1-nvidia libegl-nvidia0 libgles1-glvnd-nvidia libgles1-nvidia libgles-nvidia1 libgles2-glvnd-nvidia libgles2-nvidia libgles-nvidia2 libnvidia-eglcore nvidia-egl-common nvidia-egl-icd libnvidia-egl-wayland1 nvidia-egl-wayland-common nvidia-egl-wayland-icd nvidia-vulkan-common nvidia-vulkan-icd nvidia-nonglvnd-vulkan-common nvidia-nonglvnd-vulkan-icd libnvidia-cfg1 nvidia-alternative nvidia-kernel-support nvidia-kernel-dkms nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1 libcuda1-i386 libnvidia-compiler libnvidia-fatbinaryloader libnvidia-ptxjitcompiler1 libnvcuvid1
 libnvidia-encode1 libnvidia-ifr1 libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd nvidia-libopencl1
 nvidia-detect
Architecture: source
Version: 390.48-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Description:
 libcuda1   - NVIDIA CUDA Driver Library
 libcuda1-i386 - NVIDIA CUDA 32-bit runtime library
 libegl-nvidia0 - NVIDIA binary EGL library
 libegl1-glvnd-nvidia - Vendor neutral GL dispatch library -- libEGL
 libegl1-nvidia - NVIDIA binary EGL library (non-GLVND variant)
 libgl1-glvnd-nvidia-glx - Vendor neutral GL dispatch library -- libGL
 libgl1-nvidia-glvnd-glx - NVIDIA binary OpenGL/GLX library (GLVND variant)
 libgl1-nvidia-glx - NVIDIA binary OpenGL/GLX library (non-GLVND variant)
 libgles-nvidia1 - NVIDIA binary OpenGL|ES 1.x library
 libgles-nvidia2 - NVIDIA binary OpenGL|ES 2.x library
 libgles1-glvnd-nvidia - NVIDIA binary OpenGL|ES 1.x GLVND stub library
 libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x library (transitional)
 libgles2-glvnd-nvidia - NVIDIA binary OpenGL|ES 2.x GLVND stub library
 libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x library (transitional)
 libglvnd0-nvidia - Vendor neutral GL dispatch library -- libGLdispatch
 libglx-nvidia0 - NVIDIA binary GLX library
 libglx0-glvnd-nvidia - Vendor neutral GL dispatch library -- libGLX
 libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library
 libnvidia-cfg1 - NVIDIA binary OpenGL/GLX configuration library
 libnvidia-compiler - NVIDIA runtime compiler library
 libnvidia-egl-wayland1 - NVIDIA binary Wayland EGL external platform library
 libnvidia-eglcore - NVIDIA binary EGL core libraries
 libnvidia-encode1 - NVENC Video Encoding runtime library
 libnvidia-fatbinaryloader - NVIDIA FAT binary loader
 libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library
 libnvidia-glcore - NVIDIA binary OpenGL/GLX core libraries
 libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library
 libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library
 libnvidia-ptxjitcompiler1 - NVIDIA PTX JIT Compiler
 libopengl0-glvnd-nvidia - Vendor neutral GL dispatch library -- libOpenGL
 nvidia-alternative - allows the selection of NVIDIA as GLX provider
 nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
 nvidia-detect - NVIDIA GPU detection utility
 nvidia-driver - NVIDIA metapackage
 nvidia-driver-bin - NVIDIA driver support binaries
 nvidia-driver-libs - NVIDIA metapackage (OpenGL/GLX/EGL/GLES libraries)
 nvidia-driver-libs-i386 - NVIDIA metapackage (OpenGL/GLX/EGL/GLES 32-bit libraries)
 nvidia-driver-libs-nonglvnd - NVIDIA metapackage (non-GLVND OpenGL/GLX/EGL/GLES libraries)
 nvidia-driver-libs-nonglvnd-i386 - NVIDIA metapackage (non-GLVND OpenGL/GLX/EGL/GLES 32-bit librarie
 nvidia-egl-common - NVIDIA binary EGL driver - common files
 nvidia-egl-icd - NVIDIA EGL installable client driver (ICD)
 nvidia-egl-wayland-common - NVIDIA binary Wayland EGL external platform - common files
 nvidia-egl-wayland-icd - NVIDIA Wayland EGL external platform library (ICD)
 nvidia-kernel-dkms - NVIDIA binary kernel module DKMS source
 nvidia-kernel-source - NVIDIA binary kernel module source
 nvidia-kernel-support - NVIDIA binary kernel module support files
 nvidia-legacy-check - check for NVIDIA GPUs requiring a legacy driver
 nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
 nvidia-nonglvnd-vulkan-common - NVIDIA Vulkan driver - common files (non-GLVND variant)
 nvidia-nonglvnd-vulkan-icd - NVIDIA Vulkan installable client driver (ICD) (non-GLVND variant)
 nvidia-opencl-common - NVIDIA OpenCL driver - common files
 nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD)
 nvidia-smi - NVIDIA System Management Interface
 nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA driver
 nvidia-vulkan-common - NVIDIA Vulkan driver - common files
 nvidia-vulkan-icd - NVIDIA Vulkan installable client driver (ICD)
 xserver-xorg-video-nvidia - NVIDIA binary Xorg driver
Closes: 894338
Changes:
 nvidia-graphics-drivers (390.48-1) unstable; urgency=medium
 .
   * New upstream long lived branch release 390.48 (2018-03-28).
     * Fixed CVE-2018-6249, CVE-2018-625.
       https://nvidia.custhelp.com/app/answers/detail/a_id/4649
       (Closes: #894338)
     - Added support for the following GPUs: Quadro GV100, Tesla
       V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB.
     - Updated the driver to prevent G-SYNC from being enabled when a
       Quadro Sync board is installed. G-SYNC and Quadro Sync were always
       mutually incompatible features, and this change makes it easier to
       use G-SYNC capable monitors on Quadro Sync configurations, as it is
       now no longer necessary to manually disable G-SYNC.
     - Further improved the fix for occasional flicker when using the X
       driver's composition pipeline.  This was mostly fixed in 390.42,
       but now the fix should be more complete.
 .
   [ Luca Boccassi ]
   * Update nv-readme.ids.
   * Drop linux-4.15.patch, merged upstream.
 .
   [ Andreas Beckmann ]
   * Merge changes from 384.130-1 (UNRELEASED).
   * Update lintian overrides.
Checksums-Sha1:
 95d562ff86b5ca0be9998abe2c5b3682905907ed 8391 nvidia-graphics-drivers_390.48-1.dsc
 222c54bb711a0fdb7eaf3316d9e6d1e33bcd59c8 81306808 nvidia-graphics-drivers_390.48.orig-amd64.tar.gz
 e3a6ce24952adc9f50b180f1e27f216981ac1a98 28654692 nvidia-graphics-drivers_390.48.orig-armhf.tar.gz
 65588c3bf5e23f84744b79d51b45e51efef24e2c 47338104 nvidia-graphics-drivers_390.48.orig-i386.tar.gz
 6399ae8a327ce6366855c91435e457f9cfe14669 138 nvidia-graphics-drivers_390.48.orig.tar.gz
 a44b8ef05ef125d69e357b9cbdf228131fc6fb59 177480 nvidia-graphics-drivers_390.48-1.debian.tar.xz
 92e6de812ed635724b6898ca0f99712c363c4f35 6805 nvidia-graphics-drivers_390.48-1_source.buildinfo
Checksums-Sha256:
 77d447e6ce405d0983368d2df750df7cb0cfd095c8a1d97e126965f330c962a5 8391 nvidia-graphics-drivers_390.48-1.dsc
 a6e93aaa0e4b8be96f7c6ae37d4483e319233e057eb1b6bf58d1e70466d467f5 81306808 nvidia-graphics-drivers_390.48.orig-amd64.tar.gz
 b6b7dac61d521c6be8f1c531c1e589912ac8684e5b81b852f49f99d10f23ba68 28654692 nvidia-graphics-drivers_390.48.orig-armhf.tar.gz
 8fa42992fe42e3d087959fd9dbb82a4fb29eff1a0bfce192db28cc1c857e4d2b 47338104 nvidia-graphics-drivers_390.48.orig-i386.tar.gz
 fbf704e2bcfd27db1817f42027575fd81e5edfda14e79d481c3688ea20b07aad 138 nvidia-graphics-drivers_390.48.orig.tar.gz
 c34d678755b5842cf62b035d6e07e0e463034d5905fe516724d0f8e5a985e933 177480 nvidia-graphics-drivers_390.48-1.debian.tar.xz
 91d40129344b91d2ae380bd2cd4f645a69001e2fdaf58fe5ea9d3964c489d47b 6805 nvidia-graphics-drivers_390.48-1_source.buildinfo
Files:
 500c3c6f3adeb81cfded98a051e6f0d2 8391 non-free/libs optional nvidia-graphics-drivers_390.48-1.dsc
 0a1729110d179074998f5caff7ddb1d0 81306808 non-free/libs optional nvidia-graphics-drivers_390.48.orig-amd64.tar.gz
 d5fbcd3e8d1217b75d313e91c4c7ba2c 28654692 non-free/libs optional nvidia-graphics-drivers_390.48.orig-armhf.tar.gz
 1d4a8a8e0ad65c6e133662520f591c7d 47338104 non-free/libs optional nvidia-graphics-drivers_390.48.orig-i386.tar.gz
 6f9fb58ccb02f13bc3b05f4057072917 138 non-free/libs optional nvidia-graphics-drivers_390.48.orig.tar.gz
 ba8486bd08771067fcfe85432b20fbd8 177480 non-free/libs optional nvidia-graphics-drivers_390.48-1.debian.tar.xz
 0fe51a1f002b005db73e11fd5441dada 6805 non-free/libs optional nvidia-graphics-drivers_390.48-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAlrGSVYQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCOcXD/9E7EZA+xhQibiSpuijdZc3UlEqunRN6EBY
T/53Aw1j28KrWMKipoYnh0FzpUUlTtN/96T9WddDw4IhZTHVMUDsL3ocAGgRSBPN
S9vrk5Qrq7skMQY8m0Ipay+E9CtB4BJGILUqWmrMeKzTKSkgBfrvAjQPTWAUzBFk
m7SldyS2sZ0ca0l4LWQQ+d1lN74edEAb07LYo50YrqaKuC+N9Pae9pWpxwg77JEo
genrEyNldZRR5bF3vXkyJBa/B8i/tnJLf4QTwJX7iuzE0Rwxa+Kns2CI+CCp6Gli
BpApGdEOmpzGlBO0J0qhjvyOEshT/i0E0W+Fu73eXetFcDBpT5ehob4Ab/sXi4v4
IPSytIVmyQ1KoFZeKEAEyIoI2ElYS/r/XZQ591ElCw+18sU0nKg3djnf3OCcgIDe
/L1TZyV4tYt7ai829gSHSxgSCS5RSKvMvGGQHoGg4f2V/jhOGBlz4Qqr7OxW1OPx
Q6BbycJ7ltz9SYfK9T3ISvq1RJo/5+wic+DY0nSCGoYgJstGKIaGI6kh+r3y0xYE
tZo/3fPQnmvL3cf5J8HbH5yxliH7xr33JeJ3Q4vw0nM9aMa3ee8Nm92ZIjKNciwV
oTp6e1lCg/HA36qKGmgALAkRjC1NBhJvyz4MZSuoHuXs42s36VXspQObLdQSNjc7
jaBOQQDh4g==
=MRCO
-----END PGP SIGNATURE-----

Message #67 received at 894338@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: Luca Boccassi <bluca@debian.org>, 894338@bugs.debian.org

Subject: Re: Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Date: Thu, 5 Apr 2018 19:29:23 +0200

On 2018-04-05 01:57, Luca Boccassi wrote:
> Gah, of course I had libglvnd from bpo. I always, always forget to
> remove it when moving back and forth...
> 
> Sorry for the noise, works fine after removing those.

But why doesn't it work with src:libglvnd from backports - it works fine
on sid (where src:libglvnd is the only choice), doesn't it? There
haven't been any glvnd symbol changes recently.

Probably postpone investigation until we have a 390.48 backport ...

> Do you need any help with these uploads? Would you like me to create
> the tickets for the release team, or do the upload to unstable of 390?

I had more time today than planned :-(
All done :-)

Andreas

Message #72 received at 894338-close@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: 894338-close@bugs.debian.org

Subject: Bug#894338: fixed in nvidia-graphics-drivers 384.130-1

Date: Mon, 30 Apr 2018 20:51:49 +0000

Source: nvidia-graphics-drivers
Source-Version: 384.130-1

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894338@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated nvidia-graphics-drivers package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Apr 2018 14:40:27 +0200
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin nvidia-driver-libs nvidia-driver-libs-i386 nvidia-driver-libs-nonglvnd nvidia-driver-libs-nonglvnd-i386 xserver-xorg-video-nvidia nvidia-legacy-check libglvnd0-nvidia libopengl0-glvnd-nvidia libglx0-glvnd-nvidia libglx-nvidia0 libgl1-glvnd-nvidia-glx libgl1-nvidia-glvnd-glx libgl1-nvidia-glx libnvidia-glcore libegl1-glvnd-nvidia libegl1-nvidia libegl-nvidia0 libgles1-glvnd-nvidia libgles1-nvidia libgles-nvidia1 libgles2-glvnd-nvidia libgles2-nvidia libgles-nvidia2 libnvidia-eglcore nvidia-egl-common nvidia-egl-icd libnvidia-egl-wayland1 nvidia-egl-wayland-common nvidia-egl-wayland-icd nvidia-vulkan-common nvidia-vulkan-icd nvidia-nonglvnd-vulkan-common nvidia-nonglvnd-vulkan-icd libnvidia-cfg1 nvidia-alternative nvidia-kernel-support nvidia-kernel-dkms nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1 libcuda1-i386 libnvidia-compiler libnvidia-fatbinaryloader libnvidia-ptxjitcompiler1 libnvcuvid1
 libnvidia-encode1 libnvidia-ifr1 libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd nvidia-libopencl1
 nvidia-detect
Architecture: source
Version: 384.130-1
Distribution: stretch
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Description:
 libcuda1   - NVIDIA CUDA Driver Library${nvidia:LegacyDesc}
 libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc}
 libegl-nvidia0 - NVIDIA binary EGL library${nvidia:LegacyDesc}
 libegl1-glvnd-nvidia - Vendor neutral GL dispatch library -- libEGL
 libegl1-nvidia - NVIDIA binary EGL library (non-GLVND variant)${nvidia:LegacyDesc}
 libgl1-glvnd-nvidia-glx - Vendor neutral GL dispatch library -- libGL
 libgl1-nvidia-glvnd-glx - NVIDIA binary OpenGL/GLX library (GLVND variant)${nvidia:LegacyDe
 libgl1-nvidia-glx - NVIDIA binary OpenGL/GLX library (non-GLVND variant)${nvidia:Lega
 libgles-nvidia1 - NVIDIA binary OpenGL|ES 1.x library${nvidia:LegacyDesc}
 libgles-nvidia2 - NVIDIA binary OpenGL|ES 2.x library${nvidia:LegacyDesc}
 libgles1-glvnd-nvidia - NVIDIA binary OpenGL|ES 1.x GLVND stub library
 libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x library (transitional)${nvidia:Legacy
 libgles2-glvnd-nvidia - NVIDIA binary OpenGL|ES 2.x GLVND stub library
 libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x library (transitional)${nvidia:Legacy
 libglvnd0-nvidia - Vendor neutral GL dispatch library -- libGLdispatch
 libglx-nvidia0 - NVIDIA binary GLX library${nvidia:LegacyDesc}
 libglx0-glvnd-nvidia - Vendor neutral GL dispatch library -- libGLX
 libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library${nvidia:LegacyDesc}
 libnvidia-cfg1 - NVIDIA binary OpenGL/GLX configuration library${nvidia:LegacyDesc
 libnvidia-compiler - NVIDIA runtime compiler library${nvidia:LegacyDesc}
 libnvidia-egl-wayland1 - NVIDIA binary Wayland EGL external platform library
 libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc}
 libnvidia-encode1 - NVENC Video Encoding runtime library${nvidia:LegacyDesc}
 libnvidia-fatbinaryloader - NVIDIA FAT binary loader${nvidia:LegacyDesc}
 libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library${nvidia:L
 libnvidia-glcore - NVIDIA binary OpenGL/GLX core libraries${nvidia:LegacyDesc}
 libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library${nvidia
 libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library${nvidia:LegacyDe
 libnvidia-ptxjitcompiler1 - NVIDIA PTX JIT Compiler${nvidia:LegacyDesc}
 libopengl0-glvnd-nvidia - Vendor neutral GL dispatch library -- libOpenGL
 nvidia-alternative - allows the selection of NVIDIA as GLX provider${nvidia:LegacyDesc
 nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
 nvidia-detect - NVIDIA GPU detection utility
 nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc}
 nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc}
 nvidia-driver-libs - NVIDIA metapackage (OpenGL/GLX/EGL/GLES libraries)${nvidia:Legacy
 nvidia-driver-libs-i386 - NVIDIA metapackage (OpenGL/GLX/EGL/GLES 32-bit libraries)${nvidia
 nvidia-driver-libs-nonglvnd - NVIDIA metapackage (non-GLVND OpenGL/GLX/EGL/GLES libraries)${nvi
 nvidia-driver-libs-nonglvnd-i386 - NVIDIA metapackage (non-GLVND OpenGL/GLX/EGL/GLES 32-bit librarie
 nvidia-egl-common - NVIDIA binary EGL driver - common files
 nvidia-egl-icd - NVIDIA EGL installable client driver (ICD)
 nvidia-egl-wayland-common - NVIDIA binary Wayland EGL external platform - common files
 nvidia-egl-wayland-icd - NVIDIA Wayland EGL external platform library (ICD)
 nvidia-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc}
 nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
 nvidia-kernel-support - NVIDIA binary kernel module support files${nvidia:LegacyDesc}
 nvidia-legacy-check - check for NVIDIA GPUs requiring a legacy driver
 nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
 nvidia-nonglvnd-vulkan-common - NVIDIA Vulkan driver - common files (non-GLVND variant)
 nvidia-nonglvnd-vulkan-icd - NVIDIA Vulkan installable client driver (ICD) (non-GLVND variant)
 nvidia-opencl-common - NVIDIA OpenCL driver - common files
 nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD)${nvidia:LegacyDesc}
 nvidia-smi - NVIDIA System Management Interface${nvidia:LegacyDesc}
 nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA driver${nvidi
 nvidia-vulkan-common - NVIDIA Vulkan driver - common files
 nvidia-vulkan-icd - NVIDIA Vulkan installable client driver (ICD)${nvidia:LegacyDesc}
 xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 888028 894338
Changes:
 nvidia-graphics-drivers (384.130-1) stretch; urgency=medium
 .
   * New upstream long lived branch release 384.130 (2018-03-28).
     * Fixed CVE-2018-6249, CVE-2018-6253.
       https://nvidia.custhelp.com/app/answers/detail/a_id/4649
       (Closes: #894338)
     - Improved compatibility with recent Linux kernels.
     - Fixed a string concatenation bug that caused libGL to accidentally try to
       create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases
       where /tmp isn't accessible.  (Closes: #888028)
     - Increased the version numbers of the GLVND libGL, libGLESv1_CM,
       libGLESv2, and libEGL libraries, to prevent concurrently installed
       non-GLVND libraries from taking precedence in the dynamic linker
       cache.
   * New upstream release 340 series.
     - Fixed a bug which could cause X servers that export a Video Driver
       ABI earlier than 0.8 to crash when running X11 applications which
       call XRenderAddTraps().
 .
   [ Luca Boccassi ]
   * Install the renamed GLVND libraries and add SONAME symlinks.
 .
   [ Andreas Beckmann ]
   * Bump the required glx-diversions/glx-alternative-nvidia version for the
     renamed GLVND libraries.
   * Upload to stretch
Checksums-Sha1:
 72e894ea34933e02bb3d364756c8cacab2917855 8395 nvidia-graphics-drivers_384.130-1.dsc
 4b2a4be237569a2cdb8ce84eaeb5faab0486beee 82225587 nvidia-graphics-drivers_384.130.orig-amd64.tar.gz
 3eebebf6cb22bc0d63c78ab1e2f46502bc6461d9 28862083 nvidia-graphics-drivers_384.130.orig-armhf.tar.gz
 e577313dd2a54e760310e59c20e4b86e4e200f6a 47504082 nvidia-graphics-drivers_384.130.orig-i386.tar.gz
 918395ba2da05c5bfb5b1223bc9a257ee10b8e0c 139 nvidia-graphics-drivers_384.130.orig.tar.gz
 102886d73e8ca0b6e138335ffbd2a035623eff3e 173716 nvidia-graphics-drivers_384.130-1.debian.tar.xz
 dbdbb054cdb056ef487b2f1d2e7ec20c7828dc86 7075 nvidia-graphics-drivers_384.130-1_source.buildinfo
Checksums-Sha256:
 f1bd701afc8bd81e4679a1d16fda9408c766d0963cc2f0b57818af9ae04c92c1 8395 nvidia-graphics-drivers_384.130-1.dsc
 5b8104cae58a3a0487a4eae596716ee25c105d1c823cce2ab862b1292ae83754 82225587 nvidia-graphics-drivers_384.130.orig-amd64.tar.gz
 e5e636c163dc153bd4662ae4ba29d3e1cde0d0b479ff88dd5f03458f7fc411fb 28862083 nvidia-graphics-drivers_384.130.orig-armhf.tar.gz
 6d6465c7f52466c33b3c9fcb9a8c3fd65275e67a793418997cc33a78788fb3e9 47504082 nvidia-graphics-drivers_384.130.orig-i386.tar.gz
 97dc8c203e7ca5d32535e16e5a84dca7ffa8f5bb401ba0c7f25a4a7ca992c59d 139 nvidia-graphics-drivers_384.130.orig.tar.gz
 8b6d63d746c5a15124a9256566a2061b3eceaf19f09f89f74546f4c492fa4176 173716 nvidia-graphics-drivers_384.130-1.debian.tar.xz
 ccde3e1283eda463cbe679a3fd4138a89d2892b1f0fcd4d3baccf3cc0fdc0c49 7075 nvidia-graphics-drivers_384.130-1_source.buildinfo
Files:
 27296ee2baca6263901982bd9f32ad70 8395 non-free/libs optional nvidia-graphics-drivers_384.130-1.dsc
 bd533cbe768055e509b1c345695cd74a 82225587 non-free/libs optional nvidia-graphics-drivers_384.130.orig-amd64.tar.gz
 e7a0e31f9ac7f53c820961fe0d86bd8c 28862083 non-free/libs optional nvidia-graphics-drivers_384.130.orig-armhf.tar.gz
 1fab2293d4f37c89f5597aca9c13a256 47504082 non-free/libs optional nvidia-graphics-drivers_384.130.orig-i386.tar.gz
 185d83f72bf7684d8a16859e9b018924 139 non-free/libs optional nvidia-graphics-drivers_384.130.orig.tar.gz
 6c03f9d03f93da9f842e949599f81a4d 173716 non-free/libs optional nvidia-graphics-drivers_384.130-1.debian.tar.xz
 803f4d77b272e9331620d5672d6111ac 7075 non-free/libs optional nvidia-graphics-drivers_384.130-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAlrV7n8QHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCBlHD/9miBIWrtsOol251c+kTSEi9RCXk0ykdug9
YdEzSOyRcl7hXRmH9dso384iSJv8PjGiuS3dS430M8UD/RreEarKUfk2Dvw7vAcS
/XeFPVBiXW7vXCeZik2IeU1vvxVMTOyqetBdjzrH6Ey+B2LMgCQHGHKoijqdwT/I
8NIG7EsbJrYesa5doY3P/G+rg3D++usQil/hi53L22Wjsf5JPsn+14zthYG33NFL
DBEX9ph0dSMjo1M574DRwb7e3WC0Wqq1bmyR24kgE5SBncrQZxCsMpLt14MLVm8a
vDn/yicsZlR7n/iYWVARqS2nl77FMyUv19anwXyiOpGtYmuaScy2fFuBsnPZbwj3
qsna5KztrZZM8ysaokpuJ0caFGA2GhpT+OIpFppa39iFdY7wdcMhr4CItk/fRkWu
kDS29m1DXyapCLHA5GL5ri+JWZ5LmugRdV3DsllJnC/xO+IciH+kPRe8i6HMwmUn
6zK2kv1sx0xSRXP62fUyFtpm7PQJ3ddI79b3zZ1pKidDIUxlBBVs6tF0Z1vk57G6
6AXFMlECFp9VdF58M+AylF8KPG9wCEwH/YzCzsLlCtg3Nm+eG8QKkZuKq0CbCSRb
d43KWPt93m04Yae8dulmMQMkwZJGKu1RogV2egr94HkGzVf4CN9bXcaHIGNIwykz
jHV34EPR/A==
=Tnyj
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.