Bug 6278 - [UPDATE REQUEST] nvidia304 304.131
: [UPDATE REQUEST] nvidia304 304.131
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: Eugene Shatokhin
: ROSA Linux Bugs
https://advisories.mageia.org/MGASA-2...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-14 14:56 MSD by Zombie Ryushu
Modified: 2015-11-30 19:43 MSK (History)
3 users (show)

See Also:
RPM Package: nvidia304
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
eugene.shatokhin: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zombie Ryushu 2015-10-14 14:56:20 MSD
Removed libvdpau and libvdpau_trace from the NVIDIA driver package. VDPAU is not supported on the legacy hardware supported on the release 304 legacy driver branch. The libvdpau_nvidia vendor library is still included, so users who wish to use VDPAU with newer hardware that still works with release 304 drivers may install libvdpau from packages provided by the OS vendor where available, or from the source code available at:

    http://people.freedesktop.org/~aplattner/vdpau/
    Updated nvidia-installer to use modprobe(8) when leaving the NVIDIA kernel module loaded after installation, instead of insmod(8) or libkmod. This allows the kernel module to honor any configuration directives that apply to it in /etc/modprobe.d when it is loaded.
    Fixed a bug that allowed console messages from the Linux kernel to be drawn over the user interface of nvidia-installer.
Comment 1 Zombie Ryushu 2015-11-17 00:23:17 MSK
Escalation:

A vulnerability has been found in the nvidia proprietary driver that could
be used to allow a local, non-privileged user to corrupt kernel memory.
This could be used to gain local root privileges.
A local user can issue a specially crafted IOCTL to write a 32-bit integer
value stored in the kernel driver to a user-specified memory location,
potentially in the kernel address space. The user has a limited ability
to influence the value of the integer that is written. (CVE-2015-5950)
Comment 2 Eugene Shatokhin 2015-11-17 19:22:14 MSK
Version 304.131 has just been released. It provides a couple of important changes:

    * Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination of
      simultaneously running graphical and compute workloads.

    * Added support for X.Org xserver ABI 20 (xorg-server 1.18).

I am working on the update now.
Comment 3 Eugene Shatokhin 2015-11-18 23:10:53 MSK
Advisory:
The NVidia drivers from 304.x branch were updated to version 304.131. Most significant changes in this version: 
1) support for the kernel up to 4.1.x inclusive
2) support for X11 server up to 1.18 inclusive
3) fix for texture corruption in some OpenGL apps
4) fix for CVE-2015-5950.

Build lists:
i586:
https://abf.io/build_lists/2599217
x86_64:
https://abf.io/build_lists/2599218
Comment 4 Eugene Shatokhin 2015-11-18 23:14:40 MSK
I checked this update on one of our test machines with GeForce 7300 LE. Seems to work OK.

x32: http://hw.rosalinux.ru/index.php?probe=c5ade6756a
x64: http://hw.rosalinux.ru/index.php?probe=2987db96a3
Comment 5 Vladimir Potapov 2015-11-25 07:29:29 MSK
The update is sent to expanded testing
***************************************
Comment 6 Vladimir Potapov 2015-11-30 15:57:27 MSK
nvidia304-304.131-1
https://abf.io/build_lists/2599217
https://abf.io/build_lists/2599218
**************************** Advisory **********************
The NVidia drivers from 304.x branch were updated to version 304.131. Most significant changes in this version: 
1) support for the kernel up to 4.1.x inclusive
2) support for X11 server up to 1.18 inclusive
3) fix for texture corruption in some OpenGL apps
4) fix for CVE-2015-5950.
************************************************************
QA Verified