Ubuntu Security Notice USN-377-1
3rd November, 2006
linux-restricted-modules-2.6.15, linux-restricted-modules-2.6.17 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Details
Derek Abdine discovered that the NVIDIA Xorg driver did not correctly
verify the size of buffers used to render text glyphs. When displaying
very long strings of text, the Xorg server would crash. If a user were
tricked into viewing a specially crafted series of glyphs, this flaw
could be exploited to run arbitrary code with root privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.10:
- nvidia-glx 2.6.17.6-1
- Ubuntu 6.06 LTS:
- nvidia-glx 2.6.15.12-1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.