
Thread: NVIDIA Fixes Linux GPU Driver Security Hole

  1. #11
    Join Date
    Feb 2012
    Posts
    505

    Quote Originally Posted by uid313 View Post
    Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
    If this was in open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

    Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
    Last edited by Gusar; 08-04-2012 at 09:09 PM.

  2. #12
    Join Date
    Dec 2011
    Posts
    2,159

    Quote Originally Posted by Gusar View Post
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?
    Because someone notified them of this vulnerability a month ago and they did absolutely nothing.

    So it would not be unreasonable to believe that someone else may have notified them of this (or other) issues several years ago and they have done nothing about it.

    They now have a proven track record of ignoring known vulnerabilities.

  3. #13
    Join Date
    Jan 2010
    Posts
    367

    I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.

  4. #14
    Join Date
    May 2007
    Posts
    319

    Quote Originally Posted by brent View Post
    I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.
    No, a certain someone did report and did report it to the right mail alias, thinking that would inform nvidia of the problem, hey why else would you have an advertised security alias. However it seems that nobody was informed of the problem in nvidia despite me following their advertised procedures.

    So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.

    Dave.

  5. #15
    Join Date
    Nov 2008
    Location
    somewhere at the edge of the Milky Way
    Posts
    98

    Thumbs down About damn time, you morons!

    Quote Originally Posted by Phoronix
    Days after it was publicly revealed that they blatantly ignored a critical security vulnerability for months, NVIDIA has updated their blob to address this problem.
    So I guess we should now probably be praising them by throwing huge parties on the rooftops and making everyone we know buy truckloads of their GPUs, right?
    Last edited by »John«; 08-06-2012 at 05:42 AM.

  6. #16
    Join Date
    Dec 2010
    Posts
    40

    Well, I am not an Nvidia fan, or AMD for that matter, but I run an AMD laptop because I bought it cheap; if I knew Intel would invest so much time in their open drivers I would have waited and got a SandyBridge machine. In my opinion AMD and Nvidia ignore a lot of bugs that are reported directly to them and pretend they didn't hear, didn't happen and so on. As I said many times, I sincerely hope Intel pulls on Haswell and IGP capable of competing with AMD and Nvidia discrete cards, like that I can finally buy a fully opensource machine.

    P.S. On my desktop an nvidia 8400gs card worked without a problem with any distro and driver.

  7. #17
    Join Date
    Jan 2010
    Posts
    367

    Quote Originally Posted by airlied View Post
    So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.
    Well, in any case, it was a communication problem of some sort. Nvidia does not purposely ignore critical bug reports, they're not that stupid.

  8. #18
    Join Date
    Apr 2010
    Posts
    1,946

    Quote Originally Posted by Gusar View Post
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

    Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
    Just open means everyone capable can patch, closed means only a certain circle can patch. Can you follow which is easier to patch?
