Announcement

Collapse
No announcement yet.

NVIDIA Fixes Linux GPU Driver Security Hole

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by uid313 View Post
    Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
    If this was in open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

    Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
    Last edited by Gusar; 08-04-2012, 08:09 PM.

    Comment


    • #12
      Originally posted by Gusar View Post
      How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?
      Because someone notified them of this vulnerability a month ago and they did absolutely nothing.

      So it would not be unreasonable to believe that someone else may have notified them of this (or other) issues several years ago and they have done nothing about it.

      They now have a proven track record of ignoring known vulnerabilities.

      Comment


      • #13
        I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.

        Comment


        • #14
          Originally posted by brent View Post
          I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.
          No a certain someone did report and did report it to the right mail alias, thinking that would inform nvidia off the problem, hey why else would you have an advertised security alias. However it seems that nobody was informed of the problem in nvidia despsite me following their advertised procedures.

          So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.

          Dave.

          Comment


          • #15
            About damn time, you morons!

            Originally posted by Phoronix
            Days after it was publicly revealed that they blantantly ignored a critical security vulnerability for months, NVIDIA has updated their blob to address this problem.
            So I guess we should now probably be praising them by throwing huge parties on the rooftops and making everyone we know buy truckloads of their GPUs, right?
            Last edited by »John«; 08-06-2012, 04:42 AM.

            Comment


            • #16
              well i am not an Nvidia fan or AMD for that matter, but i run an amd laptop because i bought it cheap if i knew intel will invest so much time in their open drivers i would have waited and got an SandyBridge machine. In my opinion amd and nvidia ignore alot of bugs that are reported directly to them and pretend they didnt hear didnt happen and so on. As i said it many times i sincerely hope Intel pulls on Haswell and IGP capable of competing with AMD and Nvidia discrete cards, like that i can finally buy a fully opensource machine.

              P.S on my desktop nvidia 8400gs card worked without a problem with any distro and driver

              Comment


              • #17
                Originally posted by airlied View Post
                So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.
                Well, in any case, it was a communication problem of some sort. Nvidia does not purposely ignore critical bug reports, they're not that stupid.

                Comment


                • #18
                  Originally posted by Gusar View Post
                  How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

                  Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
                  Just open means everyone capable can patch, closed means only certain circle can patch. Can you follow which is easier to patch?

                  Comment

                  Working...
                  X