Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in nvidia-graphics-drivers
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in nvidia-graphics-drivers
ID: USN-1420-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10
Datum: Mi, 11. April 2012, 17:14
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0946
Applikationen: nVidia XFree86/X.org Drivers

Originalnachricht

 

--===============7619073410535382080==
Content-Type: multipart/signed; micalg="pgp-sha512";
	protocol="application/pgp-signature";
 boundary="=-0HebLqWEyRdOXMjDi+ST"


--=-0HebLqWEyRdOXMjDi+ST
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1420-1
April 11, 2012

nvidia-graphics-drivers, nvidia-graphics-drivers-173,
 nvidia-graphics-drivers-173-updates, nvidia-graphics-drivers-updates vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description:
- nvidia-graphics-drivers: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-173: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver

Details:

It was discovered that the NVIDIA graphics drivers could be reconfigured to
gain access to arbitrary system memory. A local attacker could use this
issue to possibly gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  nvidia-173                      173.14.30-0ubuntu8.1
  nvidia-173-updates              173.14.30-0ubuntu5.1
  nvidia-current                  280.13-0ubuntu6.1
  nvidia-current-updates          280.13-0ubuntu5.1

Ubuntu 11.04:
  nvidia-173                      173.14.30-0ubuntu1.1
  nvidia-current                  270.41.06-0ubuntu1.1

Ubuntu 10.04 LTS:
  nvidia-173                      173.14.22-0ubuntu11.1
  nvidia-current                  195.36.24-0ubuntu1~10.04.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1420-1
  CVE-2012-0946

Package Information:
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/280.13-0ubuntu6.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu8.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173-updates/173.14.30-0ubuntu5.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/280.13-0ubuntu5.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/270.41.06-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/195.36.24-0ubuntu1~10.04.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.22-0ubuntu11.1



--ÐHebLqWEyRdOXMjDi+ST
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPhZxCAAoJEGVp2FWnRL6TLIAQAIthVVivhxqwv7j1e+7vS51j
kxFURUUgpD/WujXQImpHmnU0sqeg3kUi2eKZJpeuyOixblrCXD1CRe9oBmjV9oAL
PqLWcr2qw/qRs63zoIk7ER8xulye7vHURejP+ZHMS0inNs0mEo7aohSo0Rycgibr
ssicw7duuItxmBjvA2qWT6p2L69IvQH5ZKFAD4yvNzOa6P7/yiepyNacUII/FImc
DdbfG9UoDXRH8aVvX/5am7txCABWDyjKlFUUcmRFIssw5KhAxQ16SpOeITwVGUGQ
tc0gJ9LZze6AmiVYsgUjGsLRPNyPZB+zkmEB/V/ibIJjszGfElN83zkdd8VChRRO
2Md3XGg8UEsZE3tictfGanem/e+cElkFhvwdVPgdz+J3uJyyBIJg66xJ/eLTZ7OB
FUJVhI3W7jPHmaH383SrWLxqA2Wgw8hKObkpUiwu41bjK5xW9g+pmphxgm36BCrC
IT2M91z3nkyMGWL8BGRhAksfWg0k4BgpnQCNnBRFbw/yyyFjXEJ92b08SgpmcYOv
NfLImbmsvMF7GGFMB7hjPEvWav3iGgQceMyHQ6iSccYawRb4yK+Bzr6QnPD8mQum
GeJxBj8UgbvgRISWc/TD+EWZ8Sd03fMHGWmy+KoS7FtjWhpb7+cB6I9FFacJSglc
+lLPsTo+YfrM+kw8+HFP
=PxN5
-----END PGP SIGNATURE-----

--=-0HebLqWEyRdOXMjDi+ST--



--===============7619073410535382080==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7619073410535382080==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung