Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in nvidia-graphics-drivers
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in nvidia-graphics-drivers
ID: USN-1420-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10
Datum: Mi, 11. April 2012, 17:14
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0946
Applikationen: nvidia-graphics-drivers

Originalnachricht


--===============7619073410535382080==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-0HebLqWEyRdOXMjDi+ST"


--=-0HebLqWEyRdOXMjDi+ST
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1420-1
April 11, 2012

nvidia-graphics-drivers, nvidia-graphics-drivers-173,
nvidia-graphics-drivers-173-updates, nvidia-graphics-drivers-updates vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description:
- nvidia-graphics-drivers: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-173: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver

Details:

It was discovered that the NVIDIA graphics drivers could be reconfigured to
gain access to arbitrary system memory. A local attacker could use this
issue to possibly gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
nvidia-173 173.14.30-0ubuntu8.1
nvidia-173-updates 173.14.30-0ubuntu5.1
nvidia-current 280.13-0ubuntu6.1
nvidia-current-updates 280.13-0ubuntu5.1

Ubuntu 11.04:
nvidia-173 173.14.30-0ubuntu1.1
nvidia-current 270.41.06-0ubuntu1.1

Ubuntu 10.04 LTS:
nvidia-173 173.14.22-0ubuntu11.1
nvidia-current 195.36.24-0ubuntu1~10.04.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1420-1
CVE-2012-0946

Package Information:
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/280.13-0ubuntu6.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu8.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173-updates/173.14.30-0ubuntu5.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/280.13-0ubuntu5.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/270.41.06-0ubuntu1.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu1.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/195.36.24-0ubuntu1~10.04.2
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.22-0ubuntu11.1



--ÐHebLqWEyRdOXMjDi+ST
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPhZxCAAoJEGVp2FWnRL6TLIAQAIthVVivhxqwv7j1e+7vS51j
kxFURUUgpD/WujXQImpHmnU0sqeg3kUi2eKZJpeuyOixblrCXD1CRe9oBmjV9oAL
PqLWcr2qw/qRs63zoIk7ER8xulye7vHURejP+ZHMS0inNs0mEo7aohSo0Rycgibr
ssicw7duuItxmBjvA2qWT6p2L69IvQH5ZKFAD4yvNzOa6P7/yiepyNacUII/FImc
DdbfG9UoDXRH8aVvX/5am7txCABWDyjKlFUUcmRFIssw5KhAxQ16SpOeITwVGUGQ
tc0gJ9LZze6AmiVYsgUjGsLRPNyPZB+zkmEB/V/ibIJjszGfElN83zkdd8VChRRO
2Md3XGg8UEsZE3tictfGanem/e+cElkFhvwdVPgdz+J3uJyyBIJg66xJ/eLTZ7OB
FUJVhI3W7jPHmaH383SrWLxqA2Wgw8hKObkpUiwu41bjK5xW9g+pmphxgm36BCrC
IT2M91z3nkyMGWL8BGRhAksfWg0k4BgpnQCNnBRFbw/yyyFjXEJ92b08SgpmcYOv
NfLImbmsvMF7GGFMB7hjPEvWav3iGgQceMyHQ6iSccYawRb4yK+Bzr6QnPD8mQum
GeJxBj8UgbvgRISWc/TD+EWZ8Sd03fMHGWmy+KoS7FtjWhpb7+cB6I9FFacJSglc
+lLPsTo+YfrM+kw8+HFP
=PxN5
-----END PGP SIGNATURE-----

--=-0HebLqWEyRdOXMjDi+ST--



--===============7619073410535382080==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7619073410535382080==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung