Sicherheit: Zwei Probleme in NVIDIA graphics drivers

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1103555761250801851==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="D253N1wCrxNHI29bxswGa3MQdFCT7qxPp"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--D253N1wCrxNHI29bxswGa3MQdFCT7qxPp
Content-Type: multipart/mixed;
boundary="WD46nTrMHkrh46JOav652qqnk6jstgx5H"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <589ed950-2dd9-b93f-c210-58b46493f2cc@canonical.com>
Subject: [USN-3122-1] NVIDIA graphics drivers vulnerabilities

--WD46nTrMHkrh46JOav652qqnk6jstgx5H
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3122-1
November 03, 2016

nvidia-graphics-drivers-304, nvidia-graphics-drivers-340,
nvidia-graphics-drivers-367 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description:
- nvidia-graphics-drivers-304: NVIDIA binary X.Org driver
- nvidia-graphics-drivers-340: NVIDIA binary X.Org driver
- nvidia-graphics-drivers-367: NVIDIA binary X.Org driver

Details:

It was discovered that the NVIDIA graphics drivers incorrectly sanitized
user mode inputs. A local attacker could use this issue to possibly gain
root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
nvidia-304 304.132-0ubuntu0.16.04.2
nvidia-304-updates 304.132-0ubuntu0.16.04.2
nvidia-331 340.98-0ubuntu0.16.04.1
nvidia-331-updates 340.98-0ubuntu0.16.04.1
nvidia-340 340.98-0ubuntu0.16.04.1
nvidia-340-updates 340.98-0ubuntu0.16.04.1
nvidia-361 367.57-0ubuntu0.16.04.1
nvidia-367 367.57-0ubuntu0.16.04.1
nvidia-current 304.132-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
nvidia-304 304.132-0ubuntu0.14.04.2
nvidia-304-updates 304.132-0ubuntu0.14.04.2
nvidia-331 340.98-0ubuntu0.14.04.1
nvidia-331-updates 340.98-0ubuntu0.14.04.1
nvidia-340 340.98-0ubuntu0.14.04.1
nvidia-340-updates 340.98-0ubuntu0.14.04.1
nvidia-352 367.57-0ubuntu0.14.04.1
nvidia-352-updates 367.57-0ubuntu0.14.04.1
nvidia-367 367.57-0ubuntu0.14.04.1
nvidia-current 304.132-0ubuntu0.14.04.2

Ubuntu 12.04 LTS:
nvidia-304 304.132-0ubuntu0.12.04.1
nvidia-304-updates 304.132-0ubuntu0.12.04.1
nvidia-331 340.98-0ubuntu0.12.04.1
nvidia-331-updates 340.98-0ubuntu0.12.04.1
nvidia-340 340.98-0ubuntu0.12.04.1
nvidia-340-updates 340.98-0ubuntu0.12.04.1
nvidia-current 304.132-0ubuntu0.12.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3122-1
CVE-2016-7382, CVE-2016-7389

Package Information:

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.132-0ubuntu0.16.04.2

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.98-0ubuntu0.16.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-367/367.57-0ubuntu0.16.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.132-0ubuntu0.14.04.2

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.98-0ubuntu0.14.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-367/367.57-0ubuntu0.14.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.132-0ubuntu0.12.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/340.98-0ubuntu0.12.04.1

--WD46nTrMHkrh46JOav652qqnk6jstgx5H--

--D253N1wCrxNHI29bxswGa3MQdFCT7qxPp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJYG13qAAoJEGVp2FWnRL6TvdkP/ioGZ0CcpbPsnnQvPvgAT0ET
/ub7g9a4IoBjdqxNgS85Ua6uBj9tJAFrqjPlfAjtN426LH2wY+6dtGaj0qQ4NEM8
nsjg+e+YTAiYdkQ1BVwb3PE2XzQtakZrVpHi4XbhUXy2rhmhezEh3ut3MPYAfXDY
QilbDgZ1niF0NtOTuH1enbmCpUrhloSv8Bq+RDYzMtBjvIbstAitqc9EL95hdh7P
PaaO74pAYyFGM+t/OS9yrIOueveSnKNTwWJkCLSNbDEVceuzKuAvJ3DFMu0tOv/t
Brr5ZTtX0Q/FG1oP0xwqWc5f0ucg86Wrr+mONSjmB9A8ComUke9oAAuE8GusTaOT
5b5HMsibL5aa9ikSjeh38AbCcBPnxUyX1SkYtg68pBFm5BppdY9S2HjCM8ORA7sB
8gj2V9tJFvrdgsVtWuacXkw221bzYc5vT5+R9MVqU8kqYPiO/11fw7bM7YIx9Mff
CxQuysz9VIx++sbXO4qv4LjWvdxNJaDkSV6PFz4UsvTw92heq+t9lXFm+x6TVJpP
5aPPayPB+anoKHin53Z7vaz0fwiz3vY4k5RoaKp7h2OaSXCHHJbmqAfhGBQfqX2e
Bd4WfI4Q0NRNsFyNJ3SPdn0MMPIrz0oFrr9pXF3StXhdEjKRqlx7GItK2TsJ7xmA
el0Q25FXbmgONmVvlSaW
=JvHH
-----END PGP SIGNATURE-----

--D253N1wCrxNHI29bxswGa3MQdFCT7qxPp--

--===============1103555761250801851==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1103555761250801851==--