Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in Nvidia-Treiber
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Nvidia-Treiber
ID: USN-1799-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Mi, 10. April 2013, 17:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0131
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.0.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.0.2
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.1
https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.0.2
https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.2
Applikationen: nVidia XFree86/X.org Drivers

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5132068029123785114==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enigAD3AB6C9D817998051DEE5DC"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigAD3AB6C9D817998051DEE5DC
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1799-1
April 10, 2013

nvidia-graphics-drivers, nvidia-graphics-drivers-updates,
nvidia-settings, nvidia-settings-updates vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description:
- nvidia-graphics-drivers: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver
- nvidia-settings: Tool for configuring the NVIDIA graphics driver
- nvidia-settings-updates: Tool for configuring the NVIDIA graphics driver

Details:

It was discovered that the NVIDIA graphics drivers incorrectly handled
large ARGB cursors. A local attacker could use this issue to gain root
privileges.

The NVIDIA graphics drivers have been updated to 304.88 to fix this issue.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  nvidia-current                  304.88-0ubuntu0.1
  nvidia-current-updates          304.88-0ubuntu0.1
  nvidia-settings                 304.88-0ubuntu0.2
  nvidia-settings-updates         304.88-0ubuntu0.2

Ubuntu 12.04 LTS:
  nvidia-current                  304.88-0ubuntu0.0.2
  nvidia-current-updates          304.88-0ubuntu0.0.1
  nvidia-settings                 304.88-0ubuntu0.0.2
  nvidia-settings-updates         304.88-0ubuntu0.0.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1799-1
  CVE-2013-0131

Package Information:

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.1
  https://launchpad.net/ubuntu/+source/nvidia-settings/304.88-0ubuntu0.2

https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.2

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.0.2

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.0.1
  https://launchpad.net/ubuntu/+source/nvidia-settings/304.88-0ubuntu0.0.2

https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.0.2



--------------enigAD3AB6C9D817998051DEE5DC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRZWZvAAoJEGVp2FWnRL6TIK8P/i5ufLk0tr3NGOVdKVA0iRE6
iSzoXdy+kR3l8nQF/xzopnsGE15NU+mwWmizMRCmsT7M8XnU+G97t1LyFWRgOaa/
jjfgDRlhLBq47gffqH1A0jPfj7xd5pFeI1tsxXu7kZZiqWg5rLA5uqTgZljbT3Ek
+Q/6noASqbGtpj3vSu+4B3D+sfmQkFOHaF0vfoIjIJoVuvnTB6gzsBujiPMRUmLQ
vwkToCsAdIICASTh0nxY2dyhknQ7y34DWvbLzzi6hnAGCQA61RUOU6Ev0O9/PbFL
rY1qStfU30DZfRoL5P5jkpzCiyj1Z4JIBVn1bYTbk1znXMG1OEcal9Mv59lPH7ym
mYh5ZjYzR9QHA6TI9dIp16OtfBD3QPu13qML0okf7bP1wvzw57shJY9kP9peDfJm
7M6DyDQ7s8X6Pj+vtBa1M2J96kurIkNMgLzjs6OCI8NW4OMCGiFvh2Qxxb6ZfAQT
hVSJGwY7SCFKARz+C3RTsLvzdciehsMTdc6PnxVBhB91tY5T8lqxwWnoTpdXDetI
AxVkTSZAVPXCdY6yzm2mKO6M+6IR3MXhc++hzuGx6u0huuOF+fh9rgdZ/ic0AqNp
FTV46TX9YWkLv1NMR6oj4iKZVCsN2w0dOKxdpXZs/GEoHk6/Yi+9BCiXmw5l1suk
UgcFSmILXvlUSZcu97Zq
=T8p4
-----END PGP SIGNATURE-----

--------------enigAD3AB6C9D817998051DEE5DC--


--===============5132068029123785114==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5132068029123785114==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung